Rayhunter: IMSI Catchers We Have Found So Far

https://www.eff.org/deeplinks/2025/09/rayhunter-what-we-have-found-so-far

83•cooperq•5mo ago

Comments

kstrauser•4mo ago

This is such a neat and fun project! I saw these flying off the shelf at Def Con.

Velocifyer•4mo ago

Nice

Scoundreller•4mo ago

When they say the recommended hotspot device used for this is cheap, they really are.

The recommended device for the Americas is US$11 (refurbished) on eBay with free US shipping. US$14 for shipping to Canada :(

https://www.ebay.com/itm/276624956523

and brand new units for US$20

There’s another seller with 50 for US$160

buildsjets•4mo ago

Cool, an IMSI Catcher Catcher. I am reminded of the otherwise unremarkable 1998 action comedy "The Big Hit."

Not only does this trace buster keep a buster from tracing your call, but it can also trace the MF that's tracing your shit. But if them MFs got a trace buster too, that's why I gots this trace buster BUSTER. See when a MF try to bust your trace with a trace buster, this MF gonna bust the MF trace buster that's busting your trace.

https://www.youtube.com/watch?v=2VY_xxL2jL0

neilv•4mo ago

If you make a Rayhunter, think twice before enabling its smartphone notification feature. The documentation doesn't directly warn, but presumably the notifications leak the fact that you use Rayhunter, and they go through centralized services. (With notifications being practically easier for some parties to check centrally, than how the device appears to the various cellular network towers.)

As situations sometimes become complicated in a locale, I suppose that this leaking could get you flagged as a potential troublemaker, or included in a small pool of persons of interest regarding an event/incident, etc.

(Most people neither think about nor are concerned with such possibilities, but if you find this device fun or interesting, then I'd guess probably you are more likely than the average person to want to reconcile how it works, with your fun/interesting/real threat model.)

Per <https://efforg.github.io/rayhunter/configuration.html>:

> ntfy URL for Sending Notifications, which allows setting a ntfy URL to which notifications of new detections will be sent. The topic should be unique to your device, e.g., https://ntfy.sh/rayhunter_notifications_ba9di7ie or https://myserver.example.com/rayhunter_notifications_ba9di7i.... The ntfy Android and iOS apps can then be used to receive notifications. More information can be found in the ntfy docs.

pcdoodle•4mo ago

I wonder if there's a usb option to get a notification on your PC?

miloignis•4mo ago

Not that I imagine most people would change it, but notably ntfy means that notifications don't have to go through centralized services. (As you can set what ntfy URL you want to use, including to your own server)

neilv•4mo ago

I guess if you set up an `ntfy` server, and you also run the `ntfy` app on iOS, then the `ntfy` app can do a local notification on the iOS device (without going through Apple APN servers)?

Then it looks like you can probably just do the communication between server and app using HTTP(S), though the app either needs to keep a connection open or poll frequently (with entirely new TCP and possibly TLS connection negotiation each poll time):

https://docs.ntfy.sh/config/

https://docs.ntfy.sh/publish/

`ntfy` is impressive, but there's a lot of implementation to it that could have vulns, there's substantial server config to do, the app-side UX polish isn't great, and the connection method is inefficient. But it might not obviously leak to some centralized thing outside your control (unlike if you do iOS push notifications the normal way).

joezydeco•4mo ago

The ntfy maintainer is here on HN if you want to send ideas:

https://news.ycombinator.com/user?id=binwiederhier

tamimio•4mo ago

> To protect yourself from Cellebrite you can use a strong password, turn off biometric unlocks, and keep your phone up to date.

To add, if you truly want to prevent any forensics on your iPhone (especially if you are traveling), make sure to pair lock your iPhone to a MacBook you leave in your house.

https://arkadiyt.com/2019/10/07/pair-locking-your-iphone-wit...

ungreased0675•4mo ago

Since the protest hypothesis hasn’t proven accurate, are there alternatives?

pcdoodle•4mo ago

We should patch the firmware to be like purpleair.com and have a map with this kinda activity.

Any idea how you would abuse control a project like that if it's no cost for the hardware?

cormorant•4mo ago

But someone else did: https://san.com/cc/exclusive-evidence-of-cell-phone-surveill...

using a different tool, "Marlin". The article has some technical details.

We Mourn Our Craft

Speed up responses with fast mode

Hoot: Scheme on WebAssembly

U.S. Jobs Disappear at Fastest January Pace Since Great Recession

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

Stories from 25 Years of Software Development

Al Lowe on model trains, funny deaths and working with Disney

The AI boom is causing shortages everywhere else

The Waymo World Model

Reinforcement Learning from Human Feedback

Start all of your commands with a comma (2009)

Vocal Guide – belt sing without killing yourself

France's homegrown open source online office suite

Coding agents have replaced every framework I used

Selection Rather Than Prediction

A Fresh Look at IBM 3270 Information Display System

72M Points of Interest

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Where did all the starships go?

Software factories and the agentic moment

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Learning from context is harder than we thought

Monty: A minimal, secure Python interpreter written in Rust for use by AI

Making geo joins faster with H3 indexes

Show HN: Kappal – CLI to Run Docker Compose YML on Kubernetes for Local Dev

Hackers (1995) Animated Experience

Ga68, a GNU Algol 68 Compiler

Sheldon Brown's Bicycle Technical Info

An Update on Heroku

Show HN: If you lose your memory, how to regain access to your computer?