
Device Threats 101: Malware/Spyware (Pegasus-type) & IMSI Catchers (Stingrays)

Written by


REALLY


Summary

  • Your phone is the softest target. If malware/spyware compromises a device, attackers can see what you see: messages, mic/camera, files, regardless of network privacy.

  • IMSI catchers (“Stingrays”) are fake cell sites. They lure phones, often via 2G/legacy downgrades, into revealing identifiers and sometimes meddle with signaling/voice/SMS.

  • A VPN helps on the internet path, not against the radio trick. It hides destinations on the IP path, but can’t stop fake towers or legacy call paths.

  • REALLY’s approach: PrivateCore™ with anonymous signup & systems, no subscriber-identity mapping, no centralized, identity-linked archive, VoLTE/VoNR-first posture, anti-downgrade guidance, included VPN, and Device Scanner for on-device hygiene.

  • Honest limit: A compromised device or physical seizure sits outside any carrier’s control—pair network privacy with device hygiene and end-to-end encrypted apps.

The Critic’s Question

“If spyware like Pegasus exists and police use Stingrays, what does REALLY actually do, and what can’t you do?”

Answer (short): We can’t “patch” a hacked phone or stop a fake tower your device chooses to talk to. We can remove the mass-surveillance fuel (no identity-linked archive, no PII, no subscriber-identity mapping), harden call/data defaults (VoLTE/VoNR-first, anti-downgrade guidance), provide an included VPN for the IP path, and give you Device Scanner tools to reduce on-device exposure. Investigations still work through court-supervised, multi-party process; bulk spying on millions doesn’t.

Threat model: device vs. radio vs. network

  • Device layer (you): OS/app exploits, stalkerware, malicious profiles, physical access.

  • Radio layer (air): fake base stations (IMSI catchers/Stingrays), forced 2G/legacy downgrades, paging tricks.

  • Network layer (carrier/cloud): retention policies, identity joins, broad interfaces, adtech sharing.

REALLY focuses on network-layer privacy by design and radio-path hardening, while giving you concrete device-layer hygiene.

Part A: Malware/Spyware (Pegasus-type, stalkerware, etc.)

What it is: High-privilege software, sometimes delivered by zero-click exploits, that can read messages, use the mic/camera, and exfiltrate files.

What a compromise means:

  • Attackers can access content before it’s encrypted in transit or after it’s decrypted on device.

  • No carrier can “re-encrypt around” a fully compromised endpoint.


Your moves (always-on basics):

  • Keep OS/apps fully updated; remove unused profiles/MDM.

  • Install from trusted stores only; avoid sideloading/unknown device management.

  • Audit permissions (mic/camera/location); use end-to-end encrypted apps for sensitive chats.

  • If targeted, consider clean restore/new device, rotate keys/passwords, monitor for re-infection.

REALLY’s Device Scanner (what it checks):

  • OS version & patches: flags if iOS/Android is behind on critical updates.

  • Jailbreak/root indicators: surfaces common signs of device compromise.

  • Risky configuration: unknown profiles/MDM, developer mode, unknown sources enabled.

  • Network/profile hygiene: suspicious VPN/APN profiles or DNS overrides you didn’t set.

  • Integrity & telemetry sanity: verifies key system settings align with our hardening guide.

What it doesn’t do:

  • It’s not a forensic Pegasus detector or silver bullet for zero-click exploits. For high-risk cases: fresh device/clean restore, latest OS, key rotation, continued hygiene.

Net effect: Device Scanner reduces avoidable exposure and catches common misconfigurations, while REALLY keeps the network from becoming a dossier.
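As an illustration of what checks of this kind look like in practice (an added example, not REALLY’s Device Scanner code), the script below parses `adb shell getprop` and `adb shell settings list` output from an Android device and applies rules for the items above: patch age, verified-boot/root indicators, developer mode, USB debugging, the legacy unknown-sources switch, and a Private DNS override. The sample output is constructed, not captured from a real device; the 90-day patch threshold, the finding names and the empty set of allowed DNS resolvers are assumptions.

```python
import re
import subprocess
from datetime import date

# Constructed sample output (not captured from a real device) in the format
# `adb shell getprop` prints: `[key]: [value]`.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-09-05]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.boot.verifiedbootstate]: [orange]
"""
# Constructed sample of `adb shell settings list global` / `settings list secure`
# (`key=value` per line).
SAMPLE_GLOBAL = """\
development_settings_enabled=1
adb_enabled=1
private_dns_mode=hostname
private_dns_specifier=dns.example.net
"""
SAMPLE_SECURE = "install_non_market_apps=1\n"

GETPROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")


def parse_getprop(text):
    """Parse `getprop` output into a dict."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_settings(text):
    """Parse `settings list <namespace>` output into a dict."""
    out = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out


def scan(props, glob, secure, today, max_patch_age_days=90, allowed_dns=()):
    """Return (check_id, severity, detail) findings; an empty list means clean."""
    findings = []
    patch = props.get("ro.build.version.security_patch")
    if not patch:
        findings.append(("patch_unknown", "MEDIUM", "no security patch level reported"))
    else:
        age = (date.fromisoformat(today) - date.fromisoformat(patch)).days
        if age > max_patch_age_days:
            findings.append(("patch_stale", "HIGH",
                             f"security patch level {patch} is {age} days old"))
    # Verified boot: 'green' means locked bootloader and OEM-signed image. 'orange'
    # (unlocked) or 'yellow' (custom signing key) is the usual footprint of a rooted device.
    vb = props.get("ro.boot.verifiedbootstate", "")
    if vb != "green":
        findings.append(("verified_boot", "HIGH", f"verified boot state is {vb or 'missing'}"))
    if props.get("ro.debuggable") == "1" or props.get("ro.secure") == "0":
        findings.append(("debug_build", "HIGH", "debuggable build (userdebug/eng), not a user build"))
    if glob.get("development_settings_enabled") == "1":
        findings.append(("dev_options", "MEDIUM", "developer options enabled"))
    if glob.get("adb_enabled") == "1":
        findings.append(("usb_debugging", "MEDIUM", "USB debugging enabled"))
    # Legacy global 'unknown sources' switch (pre-Android 8; newer releases grant it per app).
    if secure.get("install_non_market_apps") == "1":
        findings.append(("unknown_sources", "MEDIUM", "installs from unknown sources allowed"))
    # Private DNS pinned to a resolver the user never chose is a DNS override.
    if glob.get("private_dns_mode") == "hostname":
        spec = glob.get("private_dns_specifier", "")
        if spec not in allowed_dns:
            findings.append(("dns_override", "MEDIUM", f"private DNS forced to {spec!r}"))
    return findings


def scan_sample(today="2024-12-20"):
    """Run the rules over the constructed sample above."""
    return scan(parse_getprop(SAMPLE_GETPROP), parse_settings(SAMPLE_GLOBAL),
                parse_settings(SAMPLE_SECURE), today)


def scan_live_device():
    """Same rules against a USB-attached device; needs `adb` on PATH and USB debugging on."""
    def sh(*args):
        return subprocess.run(["adb", "shell", *args], capture_output=True,
                              text=True, check=True).stdout
    return scan(parse_getprop(sh("getprop")), parse_settings(sh("settings", "list", "global")),
                parse_settings(sh("settings", "list", "secure")), date.today().isoformat())


if __name__ == "__main__":
    for check_id, severity, detail in scan_sample():
        print(f"{severity:6} {check_id:15} {detail}")
```

Two caveats when running this against a live device: reading these values over adb requires USB debugging to be on, so the `usb_debugging` finding is expected during the scan itself and the real question is whether it is still on afterwards; and a device that is already rooted can lie to `getprop` and `settings`, which is exactly why a scanner like this catches misconfiguration and common compromise footprints rather than proving the absence of an implant.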

Part B: IMSI Catchers / “Stingrays”

What they are: Portable base stations that impersonate a cell tower, typically by advertising a stronger signal or higher priority than the genuine one, to make phones attach, often forcing a fall back to legacy (2G) or weaker settings. Goals: learn device identifiers (IMSI/IMEI), locate devices, sometimes meddle with signaling/voice/SMS.

How modern networks help:

  • 4G/5G mutual authentication improves security vs. 2G/legacy: GSM only authenticates the phone to the network, so a handset has no way to reject a fake cell, while LTE/5G AKA also authenticates the network to the phone. Attackers therefore try to downgrade you to older radios, where that check does not exist.
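The difference in one runnable exchange, as an added example that is not part of the original post and not REALLY’s code: a simulated home network, SIM and fake base station. The 3GPP Milenage functions f1/f2/f5 are replaced here by HMAC-SHA256 with domain separation (a simplification chosen for the example, not the real algorithm), and the subscriber key is constructed; only the shape of the exchange follows the real protocols: in GSM the network sends RAND alone and the SIM answers any RAND, in LTE/5G AKA the network sends RAND plus AUTN = (SQN⊕AK)‖AMF‖MAC and the SIM answers only after the MAC verifies under the shared key and the sequence number is fresh.

```python
import hashlib
import hmac
import os

# Constructed 128-bit subscriber key K (assumption). In reality it lives in the SIM and
# in the home network's HSS/UDM and never appears in a script.
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")
AMF = b"\x80\x00"  # authentication management field, 2 bytes


def _prf(key, label, *parts):
    # Stand-in for Milenage (simplification): one keyed PRF with domain separation.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def f1(k, rand, sqn, amf):
    """MAC-A (8 bytes): only a holder of K can produce it, so it authenticates the network."""
    return _prf(k, b"f1", rand, sqn, amf)[:8]


def f2(k, rand):
    """RES / XRES (8 bytes): proves the SIM holds K. Doubles as the 2G SRES stand-in here."""
    return _prf(k, b"f2", rand)[:8]


def f5(k, rand):
    """AK (6 bytes): anonymity key that masks the sequence number on the air."""
    return _prf(k, b"f5", rand)[:6]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeNetwork:
    """Holds K and the subscriber's sequence counter; the only party able to mint a valid AUTN."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def auth_vector(self):
        self.sqn += 1
        rand = os.urandom(16)
        sqn = self.sqn.to_bytes(6, "big")
        autn = xor(sqn, f5(self.k, rand)) + AMF + f1(self.k, rand, sqn, AMF)
        return rand, autn, f2(self.k, rand)


class FakeBaseStation:
    """IMSI catcher: can transmit any RAND, but without K can only guess at AUTN."""
    def gsm_challenge(self):
        return os.urandom(16)

    def aka_challenge(self):
        return os.urandom(16), os.urandom(16)  # RAND, plus 16 bytes passed off as AUTN


class Sim:
    def __init__(self, k):
        self.k, self.highest_sqn = k, 0

    def gsm_respond(self, rand):
        # 2G: there is no AUTN, so the SIM answers any RAND; it cannot tell home from fake.
        return f2(self.k, rand)

    def aka_respond(self, rand, autn):
        # 4G/5G: unmask SQN, recompute MAC under K, and refuse to answer unless it matches
        # and the sequence number is fresh (a captured vector replayed later is rejected).
        sqn = xor(autn[:6], f5(self.k, rand))
        amf, mac = autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn, amf)):
            return "mac_failure", None
        n = int.from_bytes(sqn, "big")
        if n <= self.highest_sqn:
            return "sync_failure", None
        self.highest_sqn = n
        return "accepted", f2(self.k, rand)


def demo():
    """Run the four cases; returns a dict so the outcomes can be checked programmatically."""
    home, sim, fake = HomeNetwork(K), Sim(K), FakeBaseStation()
    out = {}
    out["gsm_fake_answered"] = sim.gsm_respond(fake.gsm_challenge()) is not None
    rand, autn, xres = home.auth_vector()
    status, res = sim.aka_respond(rand, autn)
    out["aka_home"] = status
    out["aka_home_res_ok"] = res == xres        # network side: RES must equal XRES
    out["aka_fake"] = sim.aka_respond(*fake.aka_challenge())[0]
    out["aka_replay"] = sim.aka_respond(rand, autn)[0]
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} {result}")
```

The point the simulation makes is the one the bullet above states: the fake station gets an answer from the SIM in the 2G exchange and a MAC failure in the AKA exchange, and even a genuine vector it recorded earlier fails the sequence-number check when replayed. Nothing here stops the fake cell from transmitting or from forcing a downgrade; it only shows why the downgrade is what the attacker needs.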

What you can do:

  • Prefer devices that support 2G-off (Android 12+ exposes an “Allow 2G” toggle on models whose modem supports it; iOS Lockdown Mode disables 2G); keep VoLTE/VoNR on.

  • Avoid unknown femtocells/“free boosters.”

  • Use end-to-end encrypted apps for sensitive content; avoid SMS for secrets.

What REALLY adds:

  • VoLTE/VoNR-first posture and anti-downgrade guidance (device tips to avoid legacy fallbacks where possible).

  • Anonymous signup & systems, no subscriber-identity mapping, no centralized identity-linked archive, so even if a fake tower sees radio identifiers, there’s no dossier on our side to join to a person.

Reality check:

  • Perfect IMSI-catcher “detection” is unrealistic. We prioritize prevention (modern legs, guidance) and minimizing value of any capture (no identity archive).

Where a VPN fits (and doesn’t)

  • Helps (internet path): an on-path observer (hotspot, ISP, carrier) sees only the VPN gateway as the destination, not each site/app; if DNS is resolved through the tunnel, lookups aren’t visible to that observer either.

  • Doesn’t help: Radio-layer tricks (fake towers, 2G downgrades) or traditional voice/SMS over PSTN. It’s a complement, not a cure-all.

What REALLY does

  • PrivateCore™: anonymous signup & systems, no subscriber-identity mapping, no centralized, identity-linked archive, short retention, no data monetization.

  • Hardened defaults: prefer VoLTE/VoNR; publish anti-downgrade guidance for supported devices.

  • Included VPN: reduce IP-based tracking on untrusted networks.

  • Device Scanner & Anti-Spy Setup: practical hygiene checks and step-by-step hardening.

  • Due process: lawful access via targeted, court-supervised requests, no bulk handover.

Honest limits

  • Compromised endpoints: If malware owns the device, it can see content. Updates, clean reinstalls, and careful habits are the fix.

  • PSTN reality: Traditional voice isn’t end-to-end encrypted. We harden paths (modern legs) but can’t make PSTN e2e.

  • Physical capture: Seized/unlocked devices may expose on-device data subject to legal process.

  • IMSI-catcher certainty: No universal detector; we focus on prevention and limiting the payoff.

Proof & verification (in progress)

  • Device guidance matrices (which models support 2G-off, VoLTE/VoNR toggles).

  • Call-path captures (evidence of modern legs where devices support them).

  • Retention Matrix (short TTLs) + automated deletion logs.

  • Interface inventory (no subscriber-identity mapping; no centralized identity-linked archive).

  • Transparency counters (aggregate lawful request stats).

  • Device Scanner docs (what checks we run; how to run them yourself).

Join the only carrier that makes privacy non-negotiable.