Stingray countermeasures

A Stingray is a cell tower lookalike device.  It broadcasts its presence and nearby phones connect to the Stingray thinking it is a legitimate tower.  The Stingray can then log each phone or act as a man in the middle to incercept call metadata, text messages, or even call contents.

There are a number of public databases of legitimate cell towers.  For example,  Some databases are government, for example, the FCC license database, while others are crowdsourced.

It should be possible to modify a phone to only connect to towers which are legitimate by checking the purported tower ID against a cached copy of the database for the local area.  A stingray could, of course, use the id of a real tower, but that would disrupt communications in the whole area. This might not prevent the Stingray from logging the presence of such a phone, since the Stingray could hear the protocol handshake with the legitimate tower.

It should also be possible for a phone to passively listen for tower broadcasts, and to compare the tower ID against the database,  An unknown ID might be a new legitimate tower or it might be a Stingray.

It is likely quite difficult to get at and modify the low level radio software in a commercial smartphone, but there is a complete open source suite of cell infrastructure software at

That code could serve as a starting point for a software defined radio device for detecting and tracking Stingrays.  One could make a box with a red light on top which lights up when there is an unknown tower in the area.

In some areas, use of Stingray devices requires a warrant, but this is not universal.  The courts have also determined that use of location data from legitimate cell towers does not require a warrant



Leave a Reply

Your email address will not be published. Required fields are marked *