Open Source Tool Exposes Cell-Site Simulators’ Hidden Capabilities

The Electronic Frontier Foundation (EFF) has developed an open-source tool called Rayhunter to detect and analyze cell-site simulators (CSS), devices that masquerade as legitimate cell-phone towers and trick phones into connecting to them. CSS are used by law enforcement to pinpoint phone locations without involving the phone company, but little is known about their capabilities.

Rayhunter runs on a mobile hotspot and analyzes control traffic between the device and the connected cell tower in real-time. It looks for suspicious events, such as unusual requests that could indicate an IMSI catch or IMEI request under suspicious circumstances. If Rayhunter detects something suspicious, it notifies the user and provides access to logs for further review.

The tool is designed to be easy to use, regardless of technical skill level. EFF hopes that activists, journalists, and others will run Rayhunter around the world to collect data on CSS usage and capabilities, which can help build better defenses against these devices.

Rayhunter’s developer chose the name “Rayhunter” as a nod to the orca, which is a natural predator of stingrays (a common brand name for cell-site simulators). The EFF notes that using Rayhunter may expose users to some risk, but it aims to provide a valuable tool for understanding and combating CSS surveillance.

Source: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying