Every time your phone connects to a cell tower, it shares identifying information about you and your device. Cell tower simulators -- also known as Stingrays or IMSI catchers -- exploit this by impersonating legitimate cell towers, tricking your phone into connecting to a surveillance device instead. Once connected, the operator can track your location, harvest your device identifiers, and in some cases intercept your calls and text messages. Originally developed for military and intelligence use, these devices are now deployed by law enforcement agencies across the country and, increasingly, by criminals. Here is what you need to know about this invisible threat and what you can do to protect yourself.
What Are Cell Tower Simulators?
A cell tower simulator is a portable device that mimics a legitimate cellular base station. The most well-known brand is the StingRay, manufactured by L3Harris Technologies, though many similar devices exist under names like Hailstorm, Crossbow, and Dirtbox. Your phone is designed to automatically connect to the cell tower with the strongest signal. Simulators exploit this by broadcasting a powerful signal that overrides nearby legitimate towers, giving the operator access to information your device transmits.
There are two types:
- Passive devices silently intercept cellular transmissions without broadcasting any signal, similar to how an FM radio picks up broadcasts. They decode these signals to extract device identifiers and track phones.
- Active devices are far more common. They transmit a signal that forces nearby phones to connect, giving the operator direct access to device data. Advanced models can force your phone to downgrade from 4G or 5G to unencrypted 2G, making it possible to intercept calls and texts in plain text.
What Data Can They Capture?
When your phone connects to a cell tower simulator, the operator can potentially access:
- Your IMSI number -- the International Mobile Subscriber Identity stored on your SIM card, which uniquely identifies your cellular account
- Your IMEI number -- the International Mobile Equipment Identity that uniquely identifies your physical device
- Your precise location in real time, often down to a specific room in a building
- Call metadata -- who you call, when, and for how long
- SMS text messages -- unencrypted by design and fully readable when intercepted
- Voice calls -- especially when the simulator forces a 2G downgrade that strips encryption
- Web browsing data -- any unencrypted HTTP traffic passing through the connection
Some advanced IMSI catchers can even divert calls and texts, edit message content, spoof your identity, or deliver spyware directly to your device.
The Bystander Problem
Cell tower simulators do not target a single phone. They sweep up data from every phone within range -- often hundreds or thousands of devices belonging to people who are not suspects in any investigation. Deploying a simulator at a protest, in an apartment building, or near a hospital captures the private information of bystanders whose only crime was being nearby. This mass collection of innocent people's data is one of the most serious civil liberties concerns surrounding this technology.
Who Uses Cell Tower Simulators?
Law Enforcement
Federal agencies including the FBI, DEA, ICE, and U.S. Marshals Service use cell-site simulators, and state and local police departments have acquired them through federal grants and military surplus programs. The Department of Justice requires federal agents to obtain a warrant before deployment, but state and local policies vary widely.
Foreign Intelligence and Criminals
Rogue cell-site simulators have been detected near embassies and government buildings in Washington, D.C. and other major cities, widely attributed to foreign intelligence operations. Meanwhile, as the technology has become more affordable -- some IMSI catchers can be assembled from commercially available components for a few thousand dollars -- criminals have begun using them to intercept financial information, steal passwords, and conduct identity theft.
The Legal Landscape
Cell-site simulators operate in what legal scholars have called a gray area that challenges Fourth Amendment protections. The DOJ mandated warrant requirements for federal law enforcement in 2015, and courts have increasingly recognized that using these devices constitutes a "search." However, many state and local agencies have used simulators under less restrictive orders, and secrecy surrounding these programs -- often backed by non-disclosure agreements between manufacturers and law enforcement -- makes oversight difficult. Several states have passed warrant-requirement laws, but there is no comprehensive federal statute, meaning your level of protection depends largely on where you live.
How to Detect Cell Tower Simulators
Detecting cell-site simulators is challenging by design -- they are built to be invisible. However, there are some approaches:
- EFF's Rayhunter: The Electronic Frontier Foundation released Rayhunter in 2025, a free, open-source tool that runs on an affordable mobile hotspot device and monitors for signs of cell-site simulator activity. It is currently the most accessible detection tool available.
- Network anomaly apps: Apps like SnoopSnitch (for rooted Android devices) can monitor cellular network behavior and alert you to suspicious activity, though many detection apps are outdated and unreliable against modern simulators.
- Unexpected 2G downgrades: If your phone suddenly drops from 4G or 5G to 2G in an area where you normally have strong coverage, it could indicate a cell-site simulator is forcing a protocol downgrade.
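The downgrade heuristic from the last bullet, sketched as an added example (not part of the original article, and not code from Rayhunter or SnoopSnitch): it scans a serving-cell log and flags a switch from 4G/5G to 2G only when the recent 4G/5G signal was strong. The log format, the -100 dBm threshold, the window size and the function name are assumptions made for illustration.

```python
import csv
import io
from statistics import median

# Constructed sample log: timestamp, radio technology, signal (dBm), cell label.
SAMPLE_LOG = """\
2025-03-01T09:00:00,LTE,-85,cell-A
2025-03-01T09:00:30,LTE,-87,cell-A
2025-03-01T09:01:00,NR,-90,cell-B
2025-03-01T09:01:30,GSM,-60,cell-X
2025-03-01T09:02:00,GSM,-61,cell-X
2025-03-01T09:10:00,LTE,-118,cell-C
2025-03-01T09:10:30,LTE,-121,cell-C
2025-03-01T09:11:00,GSM,-95,cell-D
"""

MODERN = {"LTE", "NR"}           # 4G / 5G
LEGACY = {"GSM", "GPRS", "EDGE"}  # 2G family
STRONG_DBM = -100                 # assumed cutoff for "strong coverage"
WINDOW = 3                        # assumed number of recent samples to consider


def find_suspicious_downgrades(log_text, strong_dbm=STRONG_DBM, window=WINDOW):
    """Return 4G/5G -> 2G transitions that happened despite strong coverage."""
    recent = []      # last few 4G/5G signal readings
    prev_rat = None
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        ts, rat, dbm, cell = row
        if rat in MODERN:
            recent = (recent + [int(dbm)])[-window:]
        elif rat in LEGACY:
            # Only the moment of the switch matters, and only if the phone
            # had no coverage-related reason to fall back.
            if prev_rat in MODERN and recent and median(recent) >= strong_dbm:
                alerts.append({"time": ts, "from": prev_rat, "to": rat,
                               "cell": cell, "prior_median_dbm": median(recent)})
            recent = []
        prev_rat = rat
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_downgrades(SAMPLE_LOG):
        print(alert)
```

In the sample, the 09:01:30 switch is flagged because 4G/5G signal was strong just before it, while the 09:11:00 switch follows weak LTE readings and is treated as ordinary fallback. A flagged event is a reason to look closer, not proof of a simulator.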
In practice, most people will never know when their phone has connected to a cell-site simulator. This is why proactive protection matters more than detection.
How to Protect Yourself
1. Disable 2G on Your Phone
The most dangerous capability of cell tower simulators is forcing a 2G downgrade to strip encryption. On Android, you can disable 2G connectivity by going to Settings > Network & Internet > SIMs > Allow 2G and toggling it off. This prevents your phone from connecting to unencrypted 2G networks. Unfortunately, iPhones do not currently offer this option.
2. Use a VPN
A VPN encrypts all internet traffic leaving your device, regardless of what network you are connected to. While a VPN cannot prevent your phone from connecting to a fake cell tower, it ensures that any data passing through the connection is encrypted and unreadable to the simulator operator. This protects your browsing activity, app data, and any information transmitted over the internet.
3. Use Encrypted Messaging and Calling Apps
Standard SMS messages and traditional phone calls have no end-to-end encryption and are fully readable when intercepted by a cell-site simulator. Switch to encrypted alternatives like Signal, WhatsApp, or iMessage for messaging, and use Signal or FaceTime for voice calls. These apps encrypt communications on your device before they ever reach the cellular network, making interception useless.
4. Enable Airplane Mode in Sensitive Situations
When you are in a location where you suspect surveillance or simply want to guarantee your phone is not connecting to any tower, enable airplane mode. This completely disconnects your phone from all cellular networks. You can still use Wi-Fi if available while in airplane mode.
5. Keep Your Phone Updated
Both Apple and Google have been introducing security features to combat cell-site simulators. Google added a setting to block null cipher connections, which prevents your phone from establishing unencrypted cellular links. Apple has implemented cellular security notifications in newer iOS versions. Keeping your phone on the latest operating system version ensures you benefit from these protections as they are released.
6. Prefer 5G When Available
5G networks encrypt your IMSI during the initial connection and use stronger mutual authentication between your phone and the tower. While 5G is not completely immune -- non-standalone implementations still rely on vulnerable 4G infrastructure -- it is substantially more resistant than older protocols. As standalone 5G networks become more widespread, IMSI catcher effectiveness will continue to diminish.
Reduce the Value of What Can Be Found
Even with every technical protection in place, a cell-site simulator can still capture your device identifiers and location. What matters next is what an attacker can do with that information. Your IMSI and phone number can be cross-referenced with data broker databases that contain your name, home address, workplace, family members, and more. PrivacyOn removes your personal information from over 100 data broker sites and continuously monitors for reappearances, so even if a cell tower simulator captures your device identifiers, there is far less personal data available to connect them to your real identity. With family plans covering up to 5 people starting at $8.33/mo, PrivacyOn helps ensure that surveillance data becomes a dead end rather than a doorway into your private life.
Limit Your Broader Exposure
Cell tower simulators are just one piece of a larger surveillance landscape. The data they capture becomes far more dangerous when combined with personal information available about you online -- a phone number captured by an IMSI catcher can be searched on people-finder sites to reveal your full name, address, and family connections in seconds.
No single measure is a complete solution. But reducing your digital footprint, using encrypted communications, employing a VPN, and minimizing unnecessary location sharing creates layers of protection that work together. Cell tower simulators are not going away, but you can ensure the data they collect leads nowhere useful.