The StingRay was listed at $100,000 before being removed for violating the platform’s policy on not selling electronic surveillance equipment.
An apparently original StingRay cell phone surveillance device listed on eBay was taken down by the company on Tuesday after 404 Media contacted it about the listing. The device, which was labeled as used, was up for sale for $100,000.
The device was listed as “Harris Stingray Cellular Phone Surveillance w/ Power Cord & Rolling Case - USED.” Photos uploaded to the listing show the device, numerous cables, and a StingRay operating manual with the original Harris Communications logo. A close-up photo shows the power switch, which glows green when turned on. According to the operating manual, this device was from 2004.
“Powers on. Not fully tested,” the seller wrote in the listing details. “Only pictured parts are included in listing.” When reached for comment about whether the device was real and any background information on how they had obtained it, the seller responded, “No background.”
Is this one of those things like the GPS trackers they just sort of plant on your shit by trespassing, and if you find them they typically come to collect them because their cover is blown anyway and they are expensive?
Or is this one of those things that you need to like… actively do things with? From the pics it looks like an active-use device but idk shit about 2004 tech so.. (I was an adult, but barely conscious of things)
(I am just going into the basics, so ignore gross errors.)
It just fakes a cell tower. Because of the nature of how modern radios work, a phone will likely connect to the strongest signal it detects. The stingray acts as a "man in the middle" and relays the phone signal to an actual tower as if it was the original phone making the call. As it relays the call, the operator can listen in.
It's akin to answering a call, making a call on another phone and then holding the two phones together.
(MITM attacks on HTTPS connections are similar, but there are some nuances with how the connection is decrypted and the re-encrypted.)