An apparently original StingRay cell phone surveillance device listed on eBay was taken down by the company on Tuesday after 404 Media contacted it about the listing. The device, which was labeled as used, was up for sale for $100,000.

The device was listed as “Harris Stingray Cellular Phone Surveillance w/ Power Cord & Rolling Case - USED.” Photos uploaded to the listing show the device, numerous cables, and a StingRay operating manual with the original Harris Communications logo. A close-up photo shows the power switch, which glows green when turned on. According to the operating manual, this device was from 2004.

“Powers on. Not fully tested,” the seller wrote in the listing details. “Only pictured parts are included in listing.” When reached for comment about whether the device was real and any background information on how they had obtained it, the seller responded, “No background.”

  • remotelove
    link
    fedilink
    arrow-up
    15
    ·
    5 months ago

    (I am just going into the basics, so ignore gross errors.)

    It just fakes a cell tower. Because of the nature of how modern radios work, a phone will likely connect to the strongest signal it detects. The stingray acts as a “man in the middle” and relays the phone signal to an actual tower as if it was the original phone making the call. As it relays the call, the operator can listen in.

    It’s akin to answering a call, making a call on another phone and then holding the two phones together.

    (MITM attacks on HTTPS connections are similar, but there are some nuances with how the connection is decrypted and the re-encrypted.)

    • TechNerdWizard42@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      5 months ago

      Yup that’s a good description. The scary part is that the new ones are sooo much better. And even work from the planes and helicopters and now drones.

    • IndustryStandard@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      5 months ago

      Why do they need these? They have backdoors at the providers. No need for a fake mast they control the real masts.

      • remotelove
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        5 months ago

        It’s easier to target a specific area or person, regardless of the provider and legalities can be ignored. Its best feature is that it’s portable and likely hard to detect because it doesn’t need to be turned on all the time. The second best feature is that training people to use it is probably really easy.

        If backdoors exist or not, the setup and use would be significantly more complex. More people would be aware, there is more risk in getting caught, there will always be system logs somewhere, etc.