174 points by stefankuehnel 3 days ago | 9 comments
  • derac 3 days ago
    I can see why they'd write it for a specific cheap device. Is this stuff possible with a typical phone modem, though; or does it rely on some special features? Forgive my ignorance. :)
• bri3d 3 days ago
      Possible, yes, it's just looking at various 3GPP network messages and parsing out a few common anomalies. Accessible, not all the time.

      This project uses QMDL (Qualcomm debug logging) on a device with an accessible modem debug port and debug logging enabled. Most older Qualcomm devices have this form of debug logging available by default, but on newer devices, the debug interface is usually more locked down, requiring some degree of shenanigans to access.

      Take a look at SnoopSnitch (similar project for Qualcomm Android phones), QCSuper and MobileInsight (tools capable of capturing signaling data from QC and Mediatek phones), and SCAT (capable of capturing signaling data from some Samsung basebands).

      Other vendors usually have similar debug modes for their modems, but they often aren't reverse engineered or as easy to access as the Qualcomm ones.

• derac 18 hours ago
        Amazing reply, thank you!
• windhaven 3 days ago
      In the blog post[0], they mention it being possible with rooted Androids - so likely possible, just requires more access to what the modem's doing than the OS normally provides. [0]: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-ope...
• JKCalhoun 2 days ago
      I see the devices vary quite a bit in price on eBay: Verizon, Unlocked, etc. Anyone know if it matters whether locked, Verizon, AT&T, etc.?
• aerostable_slug 3 days ago
    How would one test this device to know that it works? It would seem actual cell site simulators would be rare in the wild for many HN readers.
• edm0nd 3 days ago
      You could bring it to a large festival or even a protest. Law enforcement deploys them all the time. I found one using SnoopSnitch on an Android phone while at a large festival here in Louisiana.
• rtkwe 2 days ago
  Does that work by comparing known cell sites to found cell sites? I know some StingRay detectors use that method and it's prone to false positives around large events where mobile carriers or 3rd parties bring in legitimate temporary cell sites to improve cell service at the venue and provide more capacity.
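The two comments above describe the same detection idea from different angles: bri3d's point that tools like this parse signaling messages and flag "a few common anomalies", and rtkwe's point that comparing observed cells against a known-cell list produces false positives when a carrier parks a legitimate temporary cell at an event. The following is an added example, not code from Rayhunter, SnoopSnitch or any other tool named in the thread. It skips the QMDL parsing step entirely and instead runs a handful of simplified heuristics over constructed cell observations (assumed fields: radio technology, MCC/MNC, area code, cell id, signal strength), then requires more than one distinct indicator before calling a capture suspicious, so that a single unknown cell on its own, the "cell on wheels at a festival" case, does not raise an alarm. The known-cell set and the whitelist are constructed placeholders; a real deployment would fill them from a database such as OpenCelliD.

```python
"""Toy cell-site-simulator heuristics over constructed cell observations.

Added example for illustration; not part of Rayhunter, SnoopSnitch, QCSuper
or any other tool discussed in the thread. The indicator set is deliberately
small and simplified.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# (mcc, mnc, area code, cell id) -- the tuple that identifies one cell
CellKey = Tuple[str, str, int, int]


@dataclass(frozen=True)
class CellObs:
    t: int          # seconds since capture start
    rat: str        # radio access technology: "LTE" or "GSM" (simplified)
    mcc: str        # mobile country code
    mnc: str        # mobile network code
    area: int       # TAC on LTE, LAC on GSM, folded into one field here
    cell_id: int
    rsrp_dbm: int   # received signal strength

    def key(self) -> CellKey:
        return (self.mcc, self.mnc, self.area, self.cell_id)


def find_indicators(obs: List[CellObs], known: Set[CellKey],
                    whitelist: FrozenSet[CellKey] = frozenset()) -> List[Tuple[int, str]]:
    """Return (time, indicator) pairs for every heuristic that fires.

    whitelist: cells the operator has confirmed as legitimate (e.g. a
    temporary event cell), so they are not reported as unknown.
    """
    alerts: List[Tuple[int, str]] = []
    prev = None
    for o in obs:
        # 1. cell not in the known-cell database and not explicitly whitelisted
        if o.key() not in known and o.key() not in whitelist:
            alerts.append((o.t, "unknown-cell"))
        if prev is not None:
            # 2. phone was pushed from LTE down to 2G (weaker protections)
            if prev.rat == "LTE" and o.rat == "GSM":
                alerts.append((o.t, "downgrade-to-2g"))
            # 3. same cell id but a different area code forces a location update
            if prev.cell_id == o.cell_id and prev.area != o.area:
                alerts.append((o.t, "area-change-same-cell"))
        # 4. signal far stronger than any plausible macro cell
        if o.rsrp_dbm > -50:
            alerts.append((o.t, "implausibly-strong-signal"))
        prev = o
    return alerts


def assess(obs: List[CellObs], known: Set[CellKey],
           whitelist: FrozenSet[CellKey] = frozenset(),
           min_kinds: int = 2) -> Dict[str, object]:
    """Corroborate: only call the capture suspicious when at least
    `min_kinds` distinct indicators fired, to damp single-indicator noise."""
    alerts = find_indicators(obs, known, whitelist)
    kinds = sorted({kind for _, kind in alerts})
    return {"alerts": alerts, "indicators": kinds,
            "suspicious": len(kinds) >= min_kinds}


# Constructed known-cell database (placeholder values, not real cells).
KNOWN_CELLS: Set[CellKey] = {
    ("310", "260", 1234, 56789001),
    ("310", "260", 1234, 56789002),
}

# Constructed capture: a new cell appears, then changes area code while
# keeping its cell id, shows an implausible signal level, and pushes the
# phone down to GSM. Several indicators fire together.
SUSPICIOUS_CAPTURE = [
    CellObs(0,   "LTE", "310", "260", 1234, 56789001, -95),
    CellObs(30,  "LTE", "310", "260", 1234, 56789002, -90),
    CellObs(60,  "LTE", "310", "260", 1234, 99999001, -88),
    CellObs(90,  "LTE", "310", "260", 9999, 99999001, -45),
    CellObs(120, "GSM", "310", "260", 9999, 99999001, -45),
]

# Constructed capture of the festival case: one unknown but otherwise
# normal cell (a temporary carrier cell). Only one indicator fires.
BENIGN_EVENT_CAPTURE = [
    CellObs(0,  "LTE", "310", "260", 1234, 56789001, -95),
    CellObs(30, "LTE", "310", "260", 1234, 99999001, -88),
    CellObs(60, "LTE", "310", "260", 1234, 99999001, -86),
]
EVENT_WHITELIST: FrozenSet[CellKey] = frozenset({("310", "260", 1234, 99999001)})

if __name__ == "__main__":
    print(assess(SUSPICIOUS_CAPTURE, KNOWN_CELLS))
    print(assess(BENIGN_EVENT_CAPTURE, KNOWN_CELLS))
    print(assess(BENIGN_EVENT_CAPTURE, KNOWN_CELLS, EVENT_WHITELIST))
```

The corroboration step is the part that addresses rtkwe's concern: an unknown cell alone never trips the verdict, while the combination of an unknown cell with an area-code change, a 2G downgrade or an implausible signal level does. The whitelist shows the other lever an operator has once a temporary cell has been confirmed as legitimate.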
• evandrofisico 2 days ago
      Here in Brazil criminals are starting to use those to send phishing SMS, exploiting our ubiquitous mobile payment system (pix) or pretending to be a second authentication factor for banks.
• d4mi3n 2 days ago
      They are quite common in some municipalities. There are folks who talk about this at length in cybersecurity circles every year at conferences, it’s been an issue for a long while and the scope of the problem continues to grow.

The EFF also writes on the topic from time to time. See: https://www.eff.org/deeplinks/2024/06/next-generation-cell-s...

• alienthrowaway 2 days ago
      Visit Washington, DC.
• transpute 3 days ago
    iPhone Field Test Mode can be informative, https://www.xda-developers.com/how-access-field-test-mode-io... when combined with open data on cell tower identity, https://opencellid.org

      Dial *3001#12345#*
    
    It can sometimes be informative to turn off Data Roaming in cellular settings.

    (e)SIM password can provide an additional layer of control over when the phone contacts a cellular tower.

• slicktux 2 days ago
      Wow! Thanks for the information! Very neat!
• edm0nd 3 days ago
    You can buy these off eBay for pretty cheap.

    Unlocked RC400L's are going for ~$19.99

    Gunna look into getting one and making one of these to play with.

• ofrzeta 2 days ago
  What's inside the Orbic? Any chance to make this work on a different device? Orbics don't seem to be very easy to get in Europe.