Rayzone Piranha
Rayzone Group · Israel
Confidence 3/5
Technical capabilities
Rayzone Group sells a portfolio of mobile-network intelligence and tactical interception products. The Piranha family is a portable LTE-capable cell-site simulator with passive and active modes, broadly comparable in operational role to L3Harris StingRay or Hailstorm equipment but engineered for export to non-Five-Eyes customers. Echo is a Signaling System 7 (SS7) and Diameter exploitation platform for cellular geolocation against subscribers worldwide, leveraging vulnerabilities in inter-carrier signaling protocols.
InterApp, a product family disclosed by Forbes in 2020, performs over-the-air smartphone data acquisition using a combination of cellular and Wi-Fi based attacks. Public technical detail on the exact capability set is limited.
Documented use
- Bangladesh: Forbes (March 2020) reported sale of Piranha and InterApp to Bangladesh’s National Telecommunication Monitoring Centre.
- Indonesia: Citizen Lab and Haaretz reporting (2023) documented Echo geolocation operations associated with Indonesian customers.
- Mexico: reported procurement by federal entities (multiple Mexican press sources).
- Singapore, Switzerland and others: reported in vendor exhibition records and procurement databases.
The exact mapping between Rayzone tooling and specific human-rights violations is less directly established than for Pegasus or Predator. The capabilities provided (SS7 geolocation, IMSI catchers) are by their nature tactical surveillance tools with substantial misuse potential.
Customer states
Public reporting identifies confirmed or strongly indicated customers in Bangladesh, Indonesia, Mexico, Singapore and unspecified Gulf states. Rayzone states compliance with Israeli Defense Export Controls Agency (DECA) licensing.
Legal and sanctions status
- Not on the US Department of Commerce Entity List.
- Not designated by US OFAC.
- Subject to Israeli DECA export-licensing controls.
- SS7 and Diameter exploitation is technically a vulnerability of telecommunications infrastructure rather than a product flaw; carriers globally have varying defensive postures against signaling-layer attacks.
Technical countermeasures
- End-to-end encrypted messaging: defeats SS7-based metadata interception of message content. Signal recommended.
- Disable 2G in handset settings: defeats one category of downgrade attacks used by IMSI catchers.
- Avoid SMS for two-factor authentication: SMS is interceptable via SS7 manipulation. Prefer hardware security keys (FIDO2) or authenticator apps.
- Airplane mode at protests and sensitive meetings: removes the device from cellular addressability.
- Carrier choice and roaming awareness: SS7 geolocation requires inter-carrier visibility. Some carriers have implemented partial signaling firewalls.
- Burner devices and SIMs: compartmented identity in high-risk threat models.
Sources
Update log
May 8, 2026: Entry created. Sourced from Forbes investigative reporting on the InterApp and Piranha product lines, Citizen Lab research into the Israeli surveillance ecosystem, Haaretz coverage, Privacy International SS7 vulnerability documentation, and Rayzone corporate disclosures.
There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.
