Meet Rayhunter

Sep 1, 2025

Join Cooper Quintin, security researcher at EFF, and The Gibson, founder of Hackers.Town, as they dive into the Rayhunter project, a groundbreaking tool aimed at detecting cellular surveillance. They discuss how our phones inadvertently broadcast our locations and the threats posed by cell site simulators. The conversation highlights privacy activism, the evolution of surveillance technologies, and practical steps individuals can take to protect their digital privacy. This engaging dialogue sheds light on the intersection of technology, activism, and community efforts.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

INSIGHT

Baseband Chips Are A Distinct Risk

Modern phones include a separate baseband processor that handles cellular radios and is largely outside the phone maker's control.
That baseband exposes unique attack surface used by IMSI catchers and baseband exploits.

INSIGHT

Community Data Enables Oversight

Rayhunter's goal is transparency: collect baseline evidence so experts and the public can understand where IMSI catchers are used.
Lack of vendor and police transparency means community-collected data fills crucial gaps for policy debates.

INSIGHT

What Cell Site Simulators Do

Cell site simulators are fake cell towers that trick phones into connecting and can capture IMSI or IMEI identifiers.
Those identifiers let operators locate devices or perform follow-up attacks like downgrades or SMS spoofing.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

We take our cell phones with us everywhere – which makes them the perfect tracking device. Just walking around with your device will give your location away in multiple ways. But even if you had no apps on your phone, the cellular chips in our devices will constantly be interacting with every cell tower that’s in range, negotiating the best tower to talk to, whether to use 5G or something else, and authenticating to the network – even in Airplane Mode. Cell site simulators (aka Stingrays or IMSI catchers) can be used to trick your phone into give away your location. The Electronic Frontier Foundation (EFF) has developed a cheap, easy-to-setup device that can try to discover and report these devices. Today I interview an expert panel about the clever Rayhunter project: Cooper Quintin, The Gibson, and OopsBagel.

Interview Notes

Rayhunter announcement: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying
EFF’s Rayhunter project: https://efforg.github.io/rayhunter/
Submitting logs to EFF: https://efforg.github.io/rayhunter/support-feedback-community.html
DEF CON talk on Rayhunter: https://spectra.video/w/jt9rZHCU51Rh58cBD8oiP3
Buy yourself an Orbic hotspot: https://www.ebay.com/sch/i.html?_nkw=orbic+rc400l
Gotta Catch ‘Em All: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks
iPhone/Android fake cell site protections: https://www.eff.org/deeplinks/2023/09/apple-and-google-are-introducing-new-ways-defeat-cell-site-simulators-it-enough
Meshtastic: https://meshtastic.org/docs/getting-started/
Veilid: https://veilid.com/

Further Info

My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons

0:00:00: Intro
0:02:26: Interview setup
0:06:18: How did you become in involved with Rayhunter?
0:12:08: What is a cell site simulator?
0:14:01: What does a CSS look like and how are they deployed?
0:16:55: How is a CSS used for surveillance?
0:20:31: Can cell site simulaters work with modern protocols like 5G?
0:24:09: What information can you sniff from the cellular network?
0:27:41: Is there any transparency around the use of CSS’s?
0:30:02: How did Rayhunter evolve from previous work?
0:35:00: How do I make a Rayhunter device?
0:41:45: I’ve create a Rayhunter… now what?
0:46:10: How can I protect myself against CSS surveillance?
0:49:38: Does Airplane Mode really disable your cellular radio?
0:52:22: How else might I defeat mass surveillance tech?
0:54:46: What’s next for everyone?
1:00:53: Interview wrap-up
1:03:36: Meshtastic
1:04:49: Patron podcast preview
1:05:26: Looking ahead

Meet Rayhunter

Baseband Chips Are A Distinct Risk

Community Data Enables Oversight

What Cell Site Simulators Do

Interview Notes

Further Info

Table of Contents