Calibrate
IMEI Change
Hunting Mode / Anti Interception Mode
A5 Alert
Location Tracking Alert
Location Spoofing
Channel Lock
C2 Monitoring
cryptoTRACER®
Sandbox
Calibrate
IMEI Change
IMSI Change
Hunting Mode / Anti Interception Mode
A5 Alert
Location Tracking Alert
Location Spoofing
Channel Lock
C2 Monitoring
cryptoTRACER®
Sandbox
Network Scan
To access the control panel, the user dials a secret code and is then prompted for the control panel. A second secret code is required to access the main Special Functions menu.
When you activate the phone for the first time, you should run the calibration function. The phone calibrates itself, tests the GSM network and stores data about the home network, which is part of the self-learning process. It is important that you use a new SIM card (whether you have a contract or a prepaid card) and be in a safe place (connected to a real GSM network).
The user can control the way of IMEI change (after any event like phone call or SMS, on network or IMSI catcher request, etc.) and can also define his own IMEI and perform different protection scenarios this way. For more information, please refer to the user manual.
NOTE: Changing the IMEI is legal as long as you do not do it with a stolen phone. For legal reasons, you can always restore the original IMEI by pressing a button.
XCell Stealth Phones are used legally all over the world, including by law enforcement agencies.
Once the function is enabled, the phone will start SIM cloning and generate valid IMSIs that will be used for the next calls and messages. There are no other cell phones that can perform IMSI changes. Please note that no Internet connection, third-party servers or special SIMs are required. Also, there are no monthly fees or other obligations. Works with any SIM card, but we recommend using MNO SIM cards.
⚠ This feature is not available for XStealth Lite.
The user can switch between Hunting mode (Call and SMS interception detection) and Anti Interception mode (No calls and messages can be sent or received while phone interception is active, regardless of whether GSM Interceptor or SS7 means are used).
All mobile calls and messages are encrypted by default in nearly every mobile network. The GSM standard cipher algorithm is called A5. There are four variants of A5 in GSM, of which only the first three are widely used: A5/0, A5/1, A5/2 and A5/3. The latest interception technologies are capable of intercepting not only calls and messages, but also data (Internet usage). A GSM interceptor or IMSI catcher forces cell phones into A5/0 mode (no encryption), which makes it easy to intercept call data and convert it into audio. This situation is detected by the XStealth and the user is alerted in real time. Once all are enabled, the phone user will be alerted in real time when voice and data connections are intercepted.
Location Tracking warning. Tracking methods used by law enforcement agencies are based on cellular networks. The target phone does not need to be connected to the Internet. In most cases, the assistance of the network operator is required unless SS7 is used to track the location of the phone.
Once enabled, the phone will alert when a location tracking ping is received.
Ki extraction alert: Every time a GSM interceptor tries to obtain Ki (the encryption key stored on the SIM card) by sending so-called “challenges” and waiting for the SIM card to respond with parts of the encryption key to calculate Ki later.
⚠ True GSM location spoofing feature.
Most so-called location spoofing apps are Internet-based and actually only falsify GPS data. This creates a false sense of security because the GSM location is revealed every time the target phone is connected to a mobile network.
GSM location data (Cell ID, Location Area Code, etc.) is often used by law enforcement agencies to determine the location of cell phones.
The XStealth user can choose which cell tower the phone is connected to. In this way, any triangulation technique used for location tracking will produce false results, resulting in a false location. For ease of use, Optimal Location Spoofing should be enabled. XStealth will always connect to the most distant cell tower, whether it is stationary or on the move.
⚠ XStealth is immune to this type of location tracking.
Attention: The mobile data connection is also provided by the network operator (via cell towers, which are easy to find by simple procedures). If the phone is connected to the internet via a mobile hotspot the mobile phone can be located immediately.
The XStealth user can block the ARFCN (uplink and downlink – the radio channel pair over which the cell tower communicates with the cell phone and vice versa) to block a forced handover (the cell phone is forced to silently disconnect from the home network and connect to a fake cell tower impersonated by a GSM interceptor). XStealth remains connected to the real cell tower and in this way prevents “slipping” to a fake cell tower (IMSI catcher) that uses a different ARFCN to force a handover.
XStealth monitors the C2 parameter (cell selection criterion) used by IMSI Catcher and GSM Interceptor to force the connection to the cell phone. It also looks for the identity of neighboring cell towers. When the phone is connected to a GSM Interceptor, no cell towers are displayed as neighboring towers.
A function that immediately checks for network switch-based eavesdropping, also known as SS7 Interception.
We have created a separate, secure partition in which the IMEI engine, the IMSI engine and other security-related software components run smoothly and without the possibility of interference or tampering. The user can verify the integrity of the sandbox and its components at any time.
A live network monitoring tool that searches for IMSI catcher and GSM Interceptor, SS7 Interception and other network anomalies. A real-time eavesdropping detection feature is also available. No false alarms due to intelligent scan mode.
⚠ This feature is only available for XStealth.
The user can check the security of his mobile XStealth connection in real time. Detects call and SMS interception performed by any means: IMSI catcher and GSM Interceptor or SS7 (also known as network switch based interception).
⚠ This feature is only available for XStealth.
This is the Proximity Alert Function. The phone will detect any abnormal LAC (Location Area Code) when stationary,
changes made only by IMSI Catchers and GSM Interceptors in order to force connection.
Multi-Layer Security Protocol® – MLSP® is a revolutionary end-to-end SMS encryption developed by XCell Technologies.
Secure encrypted messages can only be exchanged between phones that have XCrypt MLSP® installed. If a secure message is sent to a device that does not have XCrypt MLSP® installed, no message will be received from a device without XCrypt MLSP®.
XCrypt provides 100% secure SMS communications that not only uses strong military-grade encryption, but also adds a new layer of security by exploiting the GSM network via MLSP® to ensure there is no way to intercept text messages or metadata, even in encrypted mode. Taking advantage of the GSM network architecture and SMS transport protocol, XCrypt is able to send and receive encrypted and uninterceptable messages. This app uses a brand new patented technology to send and receive encrypted messages.
Microphone Lock
The user can lock the microphone at any time to prevent remote activation and to listen to the surroundings.
Camera Lock
The user can lock the camera at any time to prevent remote activation for spy pictures and movies.
For ease of use, the main monitoring and alert functions are also displayed on the home screen. Since the main home screen is anonymous and looks like any other smartphone, a simple swipe across the screen displays all the monitoring functions on the screen.
Each time the user makes a call, the XStealth checks the standard GSM network encryption (A5/1) and detects whether the call is intercepted over the air (by a GSM interceptor) or at the network exchange level (SS7) by pinging the network core. In case of an intercepted call, the XStealth displays a visual warning.
XStealth displays a visual warning before making a phone call that is intercepted or unsafe. The same visual warning is displayed before answering the call if an incoming call is intercepted in any way.
All Android Ultra Secure Stealth Phones come with paired wall chargers. When another external device is connected via USB cable (including external batteries, PCs and laptops, forensic tools, service boxes, etc.), the data connection is terminated and the self-destruct mechanism is triggered. The entire motherboard, including the chipset, is automatically destroyed.
⚠ Android Ultra Secure Stealth Phones are shipped with disabled function. Activation only upon customer request before shipment.
When the phone is connected to an external device – except for the supplied wall charger – the entire motherboard and chipset are automatically shut down.
⚠ Android Ultra Secure Stealth Phones are shipped with disabled feature. Activation only upon customer request before shipment.
FinSpy is a field-proven remote monitoring solution that enables governments to address today’s challenges in monitoring mobile and security targets who regularly change location, use encrypted and anonymous communication channels and reside abroad. FinSpy provides access to information such as contacts, SMS/MMS messages, calendars, GPS location, images, files in memory and recordings of phone calls.
All exfiltrated data is transferred to the attacker via SMS messages or over the Internet. Personal data, including contacts, messages, audios and videos, can be exfiltrated from most popular messengers.
FinSpy bypasses 40 regularly tested antivirus apps. Therefore, it does not make sense to install an antivirus. XCell Technologies has opted for another effective solution to bypass the installation of malware and malicious software. There is a FinSpy detection algorithm installed deep in the XROM firmware that not only detects any intrusion attempt, but also blocks any code execution. Local HTTP ports used by FinSpy were blocked: :8999 and :8899.
A screenshot showing a real 3G downgrade attack. XStealth hunting mode was enabled (intercepting IMSI Catcher).
What is a 3G downgrade attack?
Some GSM interceptors are unable to intercept 3G cell phones directly, use high-power jammers that block 3G frequencies in the vicinity, forcing the target phone to perform a so-called “network downgrade” where it switches to 2G frequencies where it can be easily intercepted.
The phone switches to 2G mode without the user accepting or acknowledging it.
Moreover, some modern GSM interceptors can display the 3G icon on the top of the phone’s screen while the phone is actually connected to 2G.
This way, any suspicion of the phone user is avoided and, at the same time, all warnings that might be triggered by some installed apps that monitor the mobile connection type are suppressed.
In this image: While the 3G network icon is displayed at the top of the screen, Network Scan shows the 2G network and a downgrade attack attempt.
The screen capture is neither digitally generated, nor a lab test. It only shows a real attack detected by an XStealth Ultra Secure Stealth Phone.
There is always a delicate balance between special features and phone performance.
XStealth Lite and XStealth come as well-balanced hardware, firmware and default apps. XROM – our proprietary firmware – requires a lot of resources. Continuous network scanning is a background process that, together with baseband access, consumes about 75% of system resources.
XStealth Lite and XStealth are not consumer products, as they are intended for maximum privacy and security, which cannot be achieved at the same time as maximum phone usability.
⚠ Do not expect high-speed performance compared to the latest iPhone or Android phones.
Since these are security-oriented products, we take into account that your personal security and privacy may reasonably affect the phone’s usability.
There are more disadvantages than advantages.
Once an Android phone is de-googled, there are a few major drawbacks.
Any apps that have Play Store dependencies will not work at all or will work very slowly. Also, phone notifications are severely affected. The user has to type in the app, which makes the notifications useless. The phone needs a restart from time to time, as it becomes unbearably slow with apps like Telegram.
The main problem is the instability of the system, since Android was developed by Google: Removing some Google components (e.g. Play Store) can cause the phone to fail permanently, making it unusable. Remember that phone, messaging and contact apps (to name a few) are part of the Android Open Source Project (AOSP) and developed by Google. So technically you are still using a Google product, but it doesn’t come with the same baggage, but with system instability.
