How to Block Stingray Surveillance on Your Cell Phone in 2022

2022-06-24 20:26:19 By: Mr. Richard Zhang

Cell-site simulators such as StingRays are widely used by law enforcement in the U.S., U.K. and Canada. Keep reading to learn what these devices are, what information they collect and how you can protect yourself against them.

If surveillance is a topic you care about, you’ve probably heard the term “StingRay” thrown around in reference to law enforcement agencies tracking cell phones. In this article, we’ll break down exactly what a StingRay is, what it does and how to block StingRay surveillance using tools such as VPNs and network selection.

Although the term “StingRay” has become a bit of a catch-all term, technically it only refers to a single type of device. The more accurate umbrella term for these kinds of devices is “IMSI catcher” or “cell-site simulator.” IMSI is short for “international mobile subscriber identity,” and it refers to the unique identifier attached to every SIM card.

There are significant differences between actual StingRays and other, more advanced cell-site simulators, which we’ll get into further down in this article. 

If you’d rather just skip ahead to what you can do to protect your online activity, the short answer is to install and run a VPN at all times, so make sure to check out our list of the best VPNs to keep yourself safe. ExpressVPN (read our ExpressVPN review) and NordVPN (read our NordVPN review) are our clear favorites. However, note that VPNs won’t protect your text messages.

Yes. Although a VPN won’t stop your phone from performing the automatic handshake with the StingRay device, it will garble any online data it picks up, making it unreadable to the person running the surveillance operation.

There are currently no laws prohibiting the use of StingRay devices (or any other IMSI catcher, for that matter). Although their cost is prohibitive for private individuals and hackers, police and other government agencies own many of them and are not required to obtain a search warrant to use them. That said, there is currently a bill that aims to require that local police departments and federal law enforcement acquire a search warrant before they can use such devices.

The best way to protect yourself from StingRay devices in particular is to jailbreak your phone and install software that lets you disable 2G connectivity. This still leaves you open to automatic downgrades on 3G and 4G networks, though, so if you’re worried about this type of surveillance, you’ll want to run a VPN as well. Connecting to a true 5G network also protects your data as there are no known IMSI catchers for 5G networks.

Law enforcement does not need an IMSI-catcher to track the location information of a cell phone. Once a device connects to three or more regular cell towers (or if it runs GPS), police can use triangulation to pinpoint the location of the device.

We’ll start out our guide by looking at what a StingRay is and how it differs from more modern solutions. Then we’ll explain the most basic steps you can take to protect yourself against StingRay surveillance.

StingRays essentially function by tricking your phone into thinking that the surveillance device is a cell tower. This results in your phone routing any traffic — such as text messages, web queries or phone calls — through the device. If this traffic isn’t encrypted, whoever operates the StingRay device will be able to access all of it.

Although it’s often used as a blanket term, a StingRay device is just one type of a class of devices known as “IMSI catchers” or “cell-site simulators.” It only operates on 2G networks, which makes it less useful for law enforcement with every passing year as 4G and eventually 5G networks take over.

Because of this, StingRays aren’t as useful as they used to be. Luckily for law enforcement and surveillance agencies, it’s not the end of the line for this type of technology.

Although StingRays are limited to tracking cell phone users connected over a legacy 2G network, the same company that produced the StingRay (the Harris Corporation) also manufactures a device known as Hailstorm (or simply “StingRay II”). 

Where StingRays can only intercept data over 2G, a Hailstorm device operates on 3G and 4G networks, which make up the vast majority of cellular networks worldwide.

Unlike with StingRays and similar devices, protecting yourself against a Hailstorm attack is much more difficult. Unless you live in an area with true 5G networks (more on that later), your only chance of keeping information like SMS messages safe from Hailstorm devices is to always use a VPN.

The most straightforward way to protect yourself against StingRay attacks is to disable 2G networking on your phone. Unfortunately, very few phone manufacturers allow you to do this, with all of the big companies (such as Apple and Samsung) only letting you disable 3G or 4G.

To get around this, you can jailbreak or root your phone and install third-party software such as the Xposed Framework to disable 2G connections. That said, this only protects you if your phone connects directly to a 2G network, but not against the security vulnerability in 3G and 4G cellular networks that automatically switches the signal to 2G if needed.
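A defensive check for the silent 2G fallback described above, as an added example that is not part of the original article: it scans a log of the phone's serving cell and flags drops to 2G that weak coverage does not explain. The log format, the thresholds and the baseline of known cells are assumptions made for the illustration; a flagged entry is a reason to look closer, not proof of a cell-site simulator.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed sample log: time, radio tech, MCC-MNC, area code, cell ID, signal (dBm).
# 001-01 is the test-network operator code; none of this is a real capture.
SAMPLE_LOG = """\
2022-06-24T20:00:00,LTE,001-01,7021,1051,-85
2022-06-24T20:01:00,LTE,001-01,7021,1051,-84
2022-06-24T20:02:00,GSM,001-01,9999,3,-60
2022-06-24T20:05:00,LTE,001-01,7021,1051,-86
2022-06-24T21:00:00,LTE,001-01,7030,1200,-118
2022-06-24T21:01:00,GSM,001-01,7030,44,-95
"""
# 2G cells already seen at this location on earlier days (assumed baseline).
KNOWN_2G_CELLS = {("001-01", "7030", "44")}

GENERATION = {"GSM": 2, "UMTS": 3, "LTE": 4, "NR": 5}
GOOD_SIGNAL_DBM = -100  # assumed: above this, 3G/4G coverage was usable
MAX_GAP_S = 120         # assumed: readings this close count as one location

def parse(log_text):
    rows = []
    for rec in csv.reader(StringIO(log_text)):
        if not rec:
            continue
        ts, rat, plmn, area, cell, dbm = rec
        rows.append({"ts": datetime.fromisoformat(ts), "rat": rat, "plmn": plmn,
                     "cell": (plmn, area, cell), "dbm": int(dbm)})
    return rows

def find_suspicious_downgrades(rows, known_2g_cells=frozenset()):
    """Flag 3G/4G/5G -> 2G transitions that coverage loss does not explain."""
    alerts = []
    for prev, cur in zip(rows, rows[1:]):
        if GENERATION[cur["rat"]] != 2 or GENERATION[prev["rat"]] <= 2:
            continue  # only look at drops from a higher generation to 2G
        reasons = []
        gap = (cur["ts"] - prev["ts"]).total_seconds()
        if prev["dbm"] >= GOOD_SIGNAL_DBM and gap <= MAX_GAP_S:
            reasons.append("left a strong higher-generation cell")
        if cur["cell"] not in known_2g_cells:
            reasons.append("2G cell not in baseline")
        if cur["plmn"] != prev["plmn"]:
            reasons.append("operator code changed")
        if reasons:
            alerts.append((cur["ts"].isoformat(), cur["cell"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_downgrades(parse(SAMPLE_LOG), KNOWN_2G_CELLS):
        print(alert)
```

In the sample, the 21:01 fallback is not flagged because the 4G signal was already weak and the 2G cell is in the baseline; the 20:02 drop is flagged on both counts.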

What’s worse is that the StingRay in itself is an outdated technology. Law enforcement agencies also have access to more modern cell-site simulators that target 3G and 4G networks, making them much harder to avoid entirely. 

In fact, U.S. carriers are in the process of phasing out their 2G networks. AT&T stopped servicing their 2G network in 2017 and Verizon did in 2020. Sprint and T-Mobile aren’t quite as far along, but they also plan to phase out their 2G networks by December 2021 and December 2022, respectively.

Partially, yes. Although a virtual private network will garble any data or traffic that’s picked up by IMSI catchers, such as a StingRay device, it won’t be able to hide your physical location (or, at least, that of your device). 

Standard text messages also won’t be protected, so make sure you use an alternative messaging app like WhatsApp, Signal or even Facebook Messenger if you want your messages covered by the VPN.

That said, protecting the contents of your data is probably more important than the fact that your device was located somewhere, unless you’re currently evading a manhunt. Besides, law enforcement doesn’t even need a cell-site simulator such as a StingRay if all they need is your location, as this can be found out by triangulating regular cell-phone towers or your GPS signal.

Cell-site simulators are in wide use across the U.S., U.K. and Canada. They’re primarily used by government agencies, but in theory, there’s nothing stopping random cybercriminals from deploying one.

The main usage of cell-site simulators comes from law enforcement. Although you might think that using these devices requires a warrant, much like tapping someone’s phone, that is not the case. Cell-site simulators have long existed in a sort of legal gray area, which has allowed police to use them indiscriminately.

That said, a bill has been introduced in the United States Congress that would require law enforcement to obtain a warrant before deploying such a device, but whether or not it becomes law remains to be seen.

Given the murky legal nature of cell-site simulators, it’s not surprising that they’re widely used by intelligence agencies such as the NSA or CIA.

The relative lack of oversight these types of organizations enjoy makes it difficult to determine exactly how widespread this type of surveillance is. The American Civil Liberties Union found 75 different agencies — including the FBI, DEA and NSA — make use of this type of surveillance.

Although there’s nothing stopping hackers and cybercriminals from using cell-site simulators to access people’s data, their cost and the need to be in physical proximity to the target device make them much less attractive than other types of attacks for any but the most focused and dedicated cybercrime operations.

The solution to all of this is true 5G. As opposed to 3G and 4G networks, 5G does not automatically reroute traffic through 2G without you knowing it. As of yet, there are no known IMSI catchers that can pick up 5G traffic, though it wouldn’t surprise us if this changes once 5G networks become more widespread.

The reason 5G networks are safer from surveillance by law enforcement officials is that they ditch the IMSI — which is unencrypted and permanent — for the encrypted SUPI (subscription permanent identifier) and the unencrypted SUCI (subscription concealed identifier), which can’t be used to identify you because it’s reset with each connection.

That said, 5G networks are still relatively rare, so we wouldn’t be surprised if a “SUPI catcher” is already in the works somewhere.

Since 5G networks don’t have the same security vulnerabilities as 4G, you might think you’re safe from surveillance once you see that you’re connected to a 5G network. Unfortunately, most 5G networks are still really just 4G, but with upgraded speed and bandwidth. 

This means that even though it looks like you’re connected to 5G on your device, the underlying technology is still 4G, which leaves you vulnerable to Hailstorm devices.

Unfortunately, you as the end user won’t really be able to tell whether the 5G network you’re connecting to is true 5G or simply upgraded 4G. The only option you have for finding out is to contact your phone carrier and ask them, but whether or not you’ll get a truthful answer depends on the company.

That’s the end of our guide on how to protect yourself from surveillance carried out with StingRays and similar devices. Although there is legislation pending to limit the use of these devices, it’s currently a complete free-for-all, which means that it’s up to you to take steps to protect yourself.

At the end of the day, the best way to ensure you’re protected is by using a VPN for any mobile data network you connect to. Another safety measure you can implement is to ditch traditional SMS messages in favor of encrypted messages with an app like Signal, Telegram or Wickr.

What did you think of our guide to cellular surveillance? Do you feel like you have a better understanding of how federal law enforcement, intelligence agencies and police departments monitor mobile devices? Is there some crucial detail you think we missed? Let us know in the comments below. Thank you for reading.

I’m not savvy even a little on the internal operations of computers/devices. That was informative, easy to understand. I loved it.

Use u-check to see what needs to be updated quickly. Updates are part of the key.

Thank you. Constantly learning, this is an intelligent article I am glad to have read.

My phone, I believe, is cloned. They swap SIMs from every carrier I’ve ever had. They take over my VPN, Anti-Virus, and block ALL types of websites!! They are running some kind of router in my home and plugging (what sounds like a regular telephone) into the telephone jack. My home network changes, all IP addresses change all the time! What should I do?

I would leave the phone in a crowded public bathroom and walk away. Leave the car, the house. Only use cash.

I have the same problem. Phone probably cloned. My VPN doesn’t stop them from anything. My computers are hacked. The biggest problem is there’s a beacon on my truck I can’t find. I get followed to the store and if I don’t pay attention they mess with my food. Can’t get work because they follow me to the interview and then after I leave say negative things about me. They want my home/property and this is how they are working on taking it. I’m from Washington State. America is not the land of the free.. it’s the land of the cartel. Sad.

Same. And yes, it is cartel. Not US Govt.

I’m experiencing the exact same treatment! They may be tracking you via your phone OR if you drive a GM vehicle or other with Northstar tracking, they can also tap into that with just your tag number…

A nice and informative article that’s easy to comprehend what is being spoken about. It was easy to hold attention so I could finish reading through to the end. Any referencing to any news articles involving law enforcement agencies and also civilians being involved with this technology would be interesting if possible. Otherwise excellent work creating this article thanks

Let me know if you ever figure out how to stop them!

What about removing the SIM card?

Can the StingRay be used to surveil tablet computers? If so, will a VPN block StingRay surveillance?

Wow, what an eye opener. So big brother has been spying on all of us all along. Thank you for this information. Encryption on my fellow citizens but use a VPN as well.

What did you mean by the sting device must be in close proximity to the target? How close? What other means do they use in order to launch an attack?

Within 3 mile radius is what I was told

Folks, YOU ARE being tracked “IF” you have a cell phone… Our local dispatcher has a 4×6 screen that has traveling dots all over it.. Some dots are blue, for the cops, and some are other colors for folks they have placed under surveillance via their phones.. This is NOT some wild conspiracy theory, it is a FACT!!

Are people using spy apps to monitor conversations on phone/house?

Does switching out your SIM card stop them from listening in or seeing your text messages?
