September 21, 2011
How 'Stingray' Devices Work
By Jennifer Valentino-DeVries
Law enforcement and the military are using devices called "stingrays" to track cellphones, as described in a story in today's Wall Street Journal. The government considers the devices sensitive information, and not much is known publicly about how they are used. But it's possible to get a good idea of how they work based on public documents and interviews with technology experts.
The systems involve an antenna, a computer with mapping software, and a special device. The device mimics a cellphone tower and gets the phone to connect to it. It can then collect hardware numbers associated with the phone and can ping the cellphone even if the owner isn't making a call. This can be done through walls -- something that is useful in finding suspects as well as victims of crimes or accidents.
There are two ways to use the devices, says Matt Blaze, a computer science professor at the University of Pennsylvania and a former researcher at AT&T Labs.
One way is to point the antenna at a location and collect the hardware numbers there. These numbers can be used to determine which phones are in a given place at a given time. The devices also can be used to locate a phone when the officers know the numbers associated with it but don't know precisely where it is. In that case, the offers can drive around until they get a signal from the target phone while pinging it.
Once a signal is found, the stingray setup measures its strength and can provide a general location on the map. The officer can then move to another location and again measure the signal strength.
By collecting the signaling information from several locations, the system can triangulate the location of the phone more precisely.
Mr. Blaze said stingrays alter the normal behavior of cellular devices. In addition, the stingray was used in mode that allowed it to force the broadband card to communicate.
"They are getting your card to do something it doesn't normally do," Mr. Blaze said. "It's pairing with a simulated base station rather than the usual base station."
The exact way these stingray devices work is one of the big questions in a case currently playing out in U.S. District Court for the District of Arizona. The defense in that case wants to know just how the stingray was able to locate a mobile broadband card in an apartment building. The card was key in the later arrest of the defendant on fraud charges.