An interesting story on how the FBI used fake cell sites simulated by Harris StingRay II devices
and asked Verizon to remotely reprogram 3G wireless AirCard in order to track a suspect
was published by Wired.
A question regarding the legality of such methods came up in court.
However, the position of federal agencies is that they don’t need to obtain a probable-cause warrant to use these methods because they don’t collect the content of phone calls and text messages but rather use them to track the location of a suspect.
Harris StingRay II - U.S. Patent and Trademark Office
Explanation how it works:
A Cellular carrier remotely updates the table of mobile networks on the device putting the one simulated by StingRay on top.
Stingray devices are able to initiate a voice channel to the device and ping the device while recording it’s signal strength.
In near field device can be triangulated and located accurate to 1 meter.
StingRay can also be used to monitor and intercept data and voice communications.
Cooperation of mobile carrier is not really required because StingRay can simulate and pretend to be any existing network,
but if a Stingray pretends to be the one, it causes all nearby mobile devices traffic to be redirected to it and requires extra efforts to filter out the one of interest.