If surveillance is a topic you care about, you’ve probably heard the term “StingRay” thrown around in reference to law enforcement agencies tracking cell phones. In this article, we’ll break down exactly what a StingRay is, what it does and how to block StingRay surveillance using tools such as VPNs and network selection.
Although “StingRay” has become a bit of a catch-all term, technically it refers to only a single type of device. The more accurate umbrella terms for these kinds of devices are “IMSI catcher” and “cell-site simulator.” IMSI is short for “international mobile subscriber identity,” and it refers to the unique identifier attached to every SIM card.
There are significant differences between actual StingRays and other, more advanced cell-site simulators, which we’ll get into further down in this article.
- StingRay devices are just one type of IMSI-catcher that targets legacy 2G or GSM networks by mimicking a cell tower that your phone then connects to.
- Protecting yourself against StingRays in particular means disabling 2G on a jailbroken device, living in an area with true 5G connectivity, or always using a VPN when connecting to mobile data.
- Many 5G networks are actually just 4G networks with upgraded speed, meaning it can be hard to tell if you’re protected by 5G’s security features or not.
- Currently, there is no legislation in the U.S. that limits the use of cell-site simulators for surveillance, but there is a pending bill that aims to require police and other governmental agencies to obtain a warrant before deploying one.
If you’d rather just skip ahead to what you can do to protect your online activity, the short answer is to install and run a VPN at all times, so make sure to check out our list of the best VPNs to keep yourself safe. ExpressVPN (read our ExpressVPN review) and NordVPN (read our NordVPN review) are our clear favorites. However, note that VPNs won’t protect your text messages.
How to Block StingRay Surveillance
We’ll start out our guide by looking at what a StingRay is and how it differs from more modern solutions. Then we’ll explain the most basic steps you can take to protect yourself against StingRay surveillance.
What Is StingRay Surveillance?
StingRays essentially function by tricking your phone into thinking that the surveillance device is a cell tower. This results in your phone routing any traffic — such as text messages, web queries or phone calls — through the device. If this traffic isn’t encrypted, whoever operates the StingRay device will be able to access all of it.
Although it’s often used as a blanket term, a StingRay is just one device in a class known as “IMSI catchers” or “cell-site simulators.” It only operates on 2G networks, which makes it less useful for law enforcement with every passing year as 4G and eventually 5G networks take over.
Because of this, StingRays aren’t as useful as they used to be. Luckily for law enforcement and surveillance agencies, it’s not the end of the line for this type of technology.
StingRay vs Hailstorm
Although StingRays are limited to tracking cell phone users connected over a legacy 2G network, the same company that produced the StingRay (the Harris Corporation) also manufactures a device known as Hailstorm (or simply “StingRay II”).
Where StingRays can only intercept data over 2G, a Hailstorm device operates on 3G and 4G networks, which make up the vast majority of cellular networks worldwide.
Unlike with StingRays and similar devices, protecting yourself against a Hailstorm attack is much more difficult. Unless you live in an area with true 5G networks (more on that later), your only chance of keeping information like SMS messages safe from Hailstorm devices is to always use a VPN.
Block StingRay by Disabling 2G
The most straightforward way to protect yourself against StingRay attacks is to disable 2G networking on your phone. Unfortunately, very few phone manufacturers allow you to do this, with all of the big companies (such as Apple and Samsung) only letting you disable 3G or 4G.
To get around this, you can jailbreak or root your phone and install third-party software such as the Xposed Framework to disable 2G connections. That said, this only protects you when your phone would connect directly to a 2G network. It does not protect against the security vulnerability in 3G and 4G cellular networks that automatically switches the signal to 2G if needed.
What’s worse is that the StingRay in itself is an outdated technology. Law enforcement agencies also have access to more modern cell-site simulators that target 3G and 4G networks, making them much harder to avoid entirely.
In fact, U.S. carriers are in the process of phasing out their 2G networks. AT&T stopped servicing their 2G network in 2017 and Verizon did in 2020. Sprint and T-Mobile aren’t quite as far along, but they also plan to phase out their 2G networks by December 2021 and December 2022, respectively.
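The automatic fallback from 3G or 4G to 2G described above can at least be watched for. As an added example (not from the original article), this Python script scans a log of serving-cell observations and flags each drop onto 2G; the log format, the sample lines and the function names are constructed for illustration.

```python
from datetime import datetime

# Radio technology -> network generation.
GENERATION = {"GSM": 2, "GPRS": 2, "EDGE": 2, "UMTS": 3, "HSPA": 3, "LTE": 4, "NR": 5}

# Constructed sample log (not real capture data):
# time, radio technology, MCC-MNC (001-01 is the test network code), area code, cell id
SAMPLE_LOG = """\
2021-03-01T09:00:00,LTE,001-01,5121,20481
2021-03-01T09:05:00,LTE,001-01,5121,20482
2021-03-01T09:06:00,GSM,001-01,9999,111
2021-03-01T09:20:00,LTE,001-01,5121,20482
2021-03-01T11:00:00,UMTS,001-01,5121,3301
2021-03-01T11:30:00,GSM,001-01,9999,111
"""

def parse_log(text):
    """Return observations sorted by time; reject unknown radio technologies."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rat, plmn, area, cell = (f.strip() for f in line.split(","))
        if rat not in GENERATION:
            raise ValueError(f"unknown radio technology: {rat!r}")
        rows.append({"time": datetime.fromisoformat(ts), "rat": rat,
                     "gen": GENERATION[rat], "cell": (plmn, area, cell)})
    return sorted(rows, key=lambda r: r["time"])

def find_2g_downgrades(rows):
    """Flag each move from 3G or newer onto 2G. A flag is a prompt to look
    closer, not proof of a cell-site simulator: poor coverage also causes fallback."""
    alerts, known_2g = [], set()
    for i, cur in enumerate(rows):
        if cur["gen"] != 2:
            continue
        prev = rows[i - 1] if i else None
        if prev and prev["gen"] > 2:
            # First later observation back on 3G or newer, if any.
            back = next((r for r in rows[i + 1:] if r["gen"] > 2), None)
            alerts.append({
                "time": cur["time"], "from": prev["rat"], "cell": cur["cell"],
                "new_cell": cur["cell"] not in known_2g,  # 2G cell not seen before
                "minutes_on_2g": None if back is None
                else (back["time"] - cur["time"]).total_seconds() / 60,
            })
        known_2g.add(cur["cell"])
    return alerts

if __name__ == "__main__":
    for a in find_2g_downgrades(parse_log(SAMPLE_LOG)):
        print(a["time"], a["from"], "-> 2G", a["cell"], a["new_cell"], a["minutes_on_2g"])
```

A short stay on a previously unseen 2G cell, followed by a return to 4G, is the pattern worth a closer look; a long stay on a familiar 2G cell is more likely ordinary coverage fallback.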
Can VPNs Protect You From Other Cell-Site Simulators?
Partially, yes. Although a virtual private network will garble any data or traffic that’s picked up by IMSI catchers, such as a StingRay device, it won’t be able to hide your physical location (or, at least, that of your device).
Standard text messages also won’t be protected, so make sure you use an alternative messaging app like WhatsApp, Signal or even Facebook Messenger if you want your messages covered by the VPN.
That said, protecting the contents of your data is probably more important than the fact that your device was located somewhere, unless you’re currently evading a manhunt. Besides, law enforcement doesn’t even need a cell-site simulator such as a StingRay if all they need is your location, as this can be found out by triangulating regular cell-phone towers or your GPS signal.
Who Uses Cell-Site Simulators?
Cell-site simulators are in wide use across the U.S., U.K. and Canada. They’re primarily used by government agencies, but in theory, there’s nothing stopping random cybercriminals from deploying one.
Law Enforcement Agencies
The main usage of cell-site simulators comes from law enforcement. Although you might think that using these devices requires a warrant, much like tapping someone’s phone, that is not the case. Cell-site simulators have long existed in a sort of legal gray area, which has allowed police to use them indiscriminately.
That said, a bill has been introduced in the United States Congress that would require law enforcement to obtain a warrant before deploying such a device, but whether or not it becomes law remains to be seen.
Given the murky legal nature of cell-site simulators, it’s not surprising that they’re widely used by intelligence agencies such as the NSA or CIA.
The relative lack of oversight these types of organizations enjoy makes it difficult to determine exactly how widespread this type of surveillance is. The American Civil Liberties Union found that 75 different agencies — including the FBI, DEA and NSA — make use of this type of surveillance.
Although there’s nothing stopping hackers and cybercriminals from using cell-site simulators to access people’s data, their cost and the need to be in physical proximity to the target device make them much less attractive than other types of attacks for any but the most focused and dedicated cybercrime operations.
5G Networks: A Solution?
The solution to all of this is true 5G. As opposed to 3G and 4G networks, 5G does not automatically reroute traffic through 2G without you knowing it. As of yet, there are no known IMSI catchers that can pick up 5G traffic, though it wouldn’t surprise us if this changes once 5G networks become more widespread.
The reason 5G networks are safer from surveillance by law enforcement officials is that they ditch the IMSI — which is unencrypted and permanent — for the encrypted SUPI (subscription permanent identifier) and the unencrypted SUCI (subscription concealed identifier), which can’t be used to identify you because it’s reset with each connection.
That said, 5G networks are still relatively rare, so we wouldn’t be surprised if a “SUPI catcher” is already in the works somewhere.
Real & “Fake” 5G Networks
Since 5G networks don’t have the same security vulnerabilities as 4G, you might think you’re safe from surveillance once you see that you’re connected to a 5G network. Unfortunately, most 5G networks are still really just 4G, but with upgraded speed and bandwidth.
This means that even though it looks like you’re connected to 5G on your device, the underlying technology is still 4G, which leaves you vulnerable to Hailstorm devices.
Unfortunately, you as the end user won’t really be able to tell whether the 5G network you’re connecting to is true 5G or simply upgraded 4G. The only option you have for finding out is to contact your phone carrier and ask them, but whether or not you’ll get a truthful answer depends on the company.
Final Thoughts: Blocking StingRay Technology
That’s the end of our guide on how to protect yourself from surveillance carried out with StingRays and similar devices. Although there is legislation pending to limit the use of these devices, it’s currently a complete free-for-all, which means that it’s up to you to take steps to protect yourself.
At the end of the day, the best way to ensure you’re protected is by using a VPN for any mobile data network you connect to. Another safety measure you can implement is to ditch traditional SMS messages in favor of encrypted messages with an app like Signal, Telegram or Wickr.
Yes. Although a VPN won’t stop your phone from performing the automatic handshake with the StingRay device, it will garble any online data it picks up, making it unreadable to the person running the surveillance operation.
There are currently no laws prohibiting the use of StingRay devices (or any other IMSI catcher, for that matter). Although their cost is prohibitive for private individuals and hackers, police and other government agencies own many of them and are not required to obtain a search warrant to use them. That said, there is currently a bill that aims to require that local police departments and federal law enforcement acquire a search warrant before they can use such devices.
The best way to protect yourself from StingRay devices in particular is to jailbreak your phone and install software that lets you disable 2G connectivity. This still leaves you open to automatic downgrades on 3G and 4G networks, though, so if you’re worried about this type of surveillance, you’ll want to run a VPN as well. Connecting to a true 5G network also protects your data as there are no known IMSI catchers for 5G networks.
Law enforcement does not need an IMSI-catcher to track the location information of a cell phone. Once a device connects to three or more regular cell towers (or if it runs GPS), police can use triangulation to pinpoint the location of the device.