Attach request without any authentication and IMSI revealed and sent over in plaintext. #840
Replies: 5 comments
-
|
@untitaker any insight? 🙏 |
Beta Was this translation helpful? Give feedback.
-
|
This is a false positive that happens sometimes with non activated SIM cards, it's one I see a lot, specifically the reason 'eps and non eps services not allowed' is the tower saying 'I can't provide you service' |
Beta Was this translation helpful? Give feedback.
-
|
Hey Cooper,
I really appreciate your help, and thanks for clearing that up for me.
I’ve been running the Rayhunter Orbic device for almost a year now. I
travel across the country frequently, and I carry it with me pretty much
religiously. About halfway through the year, after spending several weeks
in cities that are considered “hot zones” where IMSI catchers are
reportedly used heavily and got no warnings, I started to wonder whether my
device was functioning properly.
Because of that, I purchased a second Orbic, installed the latest Rayhunter
release, and ran it daily for another six months. During that entire
period, I didn’t receive any warnings or alerts.
Recently, I decided to use the analyzer/checker to review the combined logs
from both devices. I have hundreds of logs, and the analyzer flagged over
60 entries with warnings, including many suspicious cell IDs.
My question is: do you think the analyzer or checker could be producing
false positives, or otherwise misinterpreting the data?
Thanks again for your time and insight. I really appreciate it.
…On Wed, Feb 4, 2026 at 3:32 PM Cooper Quintin ***@***.***> wrote:
Closed #840 <#840> as
resolved.
—
Reply to this email directly, view it on GitHub
<#840>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/B5VU2V6ACZO5ERCCKGQDTKT4KJJI5AVCNFSM6AAAAACTT24EJSVHI2DSMVQWIX3LMV45UABFIRUXGY3VONZWS33OIV3GK3TUHI5E433UNFTGSY3BORUW63R3GIZTQOJSGY3Q>
.
You are receiving this because you authored the thread.Message ID:
***@***.***
com>
|
Beta Was this translation helpful? Give feedback.
-
|
One quick follow-up I realized I forgot to ask in my last email.
Is it possible that the warnings flagged by the analyzer could be the
result of *passive* IMSI detection rather than active IMSI catcher
behavior? I’m trying to understand whether passive collection or monitoring
could explain the suspicious cell IDs showing up in the logs.
…---------- Forwarded message ---------
From: Jimmy ***@***.***>
Date: Wed, Feb 4, 2026 at 6:47 PM
Subject: Re: [EFForg/rayhunter] Attach request without any authentication
and IMSI revealed and sent over in plaintext. (Discussion #840)
To: EFForg/rayhunter <
***@***.***>
Hey Cooper,
I really appreciate your help, and thanks for clearing that up for me.
I’ve been running the Rayhunter Orbic device for almost a year now. I
travel across the country frequently, and I carry it with me pretty much
religiously. About halfway through the year, after spending several weeks
in cities that are considered “hot zones” where IMSI catchers are
reportedly used heavily and got no warnings, I started to wonder whether my
device was functioning properly.
Because of that, I purchased a second Orbic, installed the latest Rayhunter
release, and ran it daily for another six months. During that entire
period, I didn’t receive any warnings or alerts.
Recently, I decided to use the analyzer/checker to review the combined logs
from both devices. I have hundreds of logs, and the analyzer flagged over
60 entries with warnings, including many suspicious cell IDs.
My question is: do you think the analyzer or checker could be producing
false positives, or otherwise misinterpreting the data?
Thanks again for your time and insight. I really appreciate it.
On Wed, Feb 4, 2026 at 3:32 PM Cooper Quintin ***@***.***> wrote:
Closed #840 <#840> as
resolved.
—
Reply to this email directly, view it on GitHub
<#840>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/B5VU2V6ACZO5ERCCKGQDTKT4KJJI5AVCNFSM6AAAAACTT24EJSVHI2DSMVQWIX3LMV45UABFIRUXGY3VONZWS33OIV3GK3TUHI5E433UNFTGSY3BORUW63R3GIZTQOJSGY3Q>
.
You are receiving this because you authored the thread.Message ID:
***@***.***
com>
|
Beta Was this translation helpful? Give feedback.
-
|
when you talk about the analyzer which analyzer are you talking about? Rayhunter-check? If you are getting warnings from that tool you can send the recordings to our EFF signal account for analysis. ElectronicFrontierFoundation.90 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Recently I've been getting these the past few weeks . I don't see it everyday just a few days out the week now. No warning from the orbic device or rayhunter dashboard. I travel a lot with the device and haven't got 1 warning from it before, so I'm skeptical if its able to send warnings correctly but it does produce results of activity in pcap
Beta Was this translation helpful? Give feedback.
All reactions