Cell Phone Scanner

I am seeking some sort of cell phone scanner, that will identify cell phones by their MIN or ESN or similar “phone codes.”

My goal would be to associate these codes with my contact list. Then, trigger events based on the presence of these devices. e.g. As my daughter or son-in-law approach our home, the system would sniff/see their cell phone ID#s. Initially, these would be “unknown user.” Later, I would manually associate these ID#s to their names in our contact list. Thereafter, anytime our system “sees” their numbers arrive within range, our home would say “(daughter’s name) has arrived,” etc. Similarly, SmartThings may even “change modes” if their ID#s are present, but ours are NOT present. (e.g. switch to some sort of “family-visitor mode” – which would disable some features that they don’t want/enjoy when we are on vacation, and they are staying at our home.)

Similarly, when friends visit, I would manually associate their cell phone ID#s with their contact. This way, I can ID them (even if they don’t join my WiFi network, etc.)

I’m NOT looking to do anything illegal (like cloning ID#s, etc.) I’m simply looking to LEVERAGE what’s being broadcast by the smartphones we use nowadays, to positively-ID family, friends, etc. Heck, even “ID” neighbors, the mailman, etc. NOT that I really/necessarily know their names and such. I’d simply like to be able to “log” if/when they come within range of our home. (e.g. Mrs. Nelson arrived Saturday at 11:49am, and departed at 11:53am – so I know that she probably came by, but we weren’t home, so she departed.) Or, “Mailman arrived on Tuesday at 2:35pm, and departed at 2:37pm” – which probably means that he left a package at our front doorstep. I don’t necessarily need to know his/her name. It would just be kewl to initially “blindly ID” him/her based on their first visit to our doorstep; and then log or email alert and such any subsequent visits.



The systems that I am aware of (i.e., in use by shopping malls, etc.), make use of the MAC addresses of the WiFi and/or Bluetooth radios.

While these are slightly more likely to be “turned off” from time to time on an average cell phone, they do not require particularly difficult to acquire technology (i.e., cellular) to utilize.

I would check who’s connected to the wifi and match their mac addresses to a user. I did this a year or two ago for our phones and it worked well. This assumes they’re on your wifi though.


Yeah this would probably be the easiest way, and it would probably still be a dodgy solution to be able to reach out to your access point (unless you use one with a friendly API) and dump the list of connected clients so you can tell who’s currently “visiting” based on the fact that they’re connected.

For you and your family it should be relatively easy, because you know everyone should be connecting automatically when they arrive. For people that don’t connect or new visitors, not so much.

What I would do if I wasn’t so lazy would be to create a bunch of simulated presence sensors for “people” that might visit. Then I’d look into something like that Netatmo camera that **allegedly** does facial recognition, and try to work up some solution that recognizes people and changes the state of the visitors from absent to present.

I have NO IDEA how well that would work, but good luck if you decide to run with it… :slight_smile:
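The Wi-Fi approach described in the replies above (read the access point's connected-client list and match MAC addresses to names), sketched as an added example that is not from any poster. The MAC addresses, names and poll data are constructed, and fetching the list from a particular router is left out because it depends on the device.

```python
# Constructed sample data: a hand-maintained MAC-to-name map and three polls
# of an access point's connected-client list (all values hypothetical).
KNOWN = {"a4:5e:60:11:22:33": "Daughter", "3c:22:fb:aa:bb:cc": "Son-in-law"}
POLLS = [
    [],
    ["A4-5E-60-11-22-33", "da:a1:19:00:00:01"],
    ["da:a1:19:00:00:01"],
]

def normalize(mac):
    """Lower-case, colon-separated form so router output and the map compare equal."""
    return mac.strip().lower().replace("-", ":")

def is_randomized(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set.
    Phones that randomize their Wi-Fi MAC set this bit, and such an address
    may change later, so a name mapped to it can go stale."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def label(mac, known=KNOWN):
    """Name from the contact map, or an 'unknown user' tag for unmapped clients."""
    mac = normalize(mac)
    if mac in known:
        return known[mac]
    return "unknown user (randomized MAC)" if is_randomized(mac) else "unknown user"

def presence_events(previous, current, known=KNOWN):
    """Compare two consecutive client lists and report arrivals and departures."""
    before = {normalize(m) for m in previous}
    now = {normalize(m) for m in current}
    events = [("arrived", label(m, known), m) for m in sorted(now - before)]
    events += [("departed", label(m, known), m) for m in sorted(before - now)]
    return events

def replay(polls=POLLS):
    """Run presence_events over each pair of consecutive polls."""
    log = []
    for previous, current in zip(polls, polls[1:]):
        log.extend(presence_events(previous, current))
    return log

if __name__ == "__main__":
    for event in replay():
        print(*event)
```
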

As mentioned, using WiFi/MAC addresses is probably going to be significantly similar and if you do, you can use this:


I know how to do this via WiFi with virtual switches.
But, that requires them to have WiFi turned on, and for me to have them connect to my wifi. (I already do this for my phone, and my wife’s phone.)

What I’m seeking, is a cell phone scanning device, that leverages 3G and/or 4G signaling to detect the built-in phone serial/ID numbers. e.g. something that would be more passive on their behalf. e.g. I don’t want to have my neighbors, mailman, etc. join my wifi. Even when we host parties or have friends over, most of them don’t really care/need to join our wifi. Yet, after they leave, I would like to associate their phone’s ID# to their name in our contact lists. Ever after (as long as they keep the same phone,) our system should be able to ID them. (And, “yes,” I would then leverage virtual presence sensors to track their presence/departure.)

I also already have a Netatmo Welcome facial recognition camera. It does an okay job of recognizing most people when they enter our unit. But, I’d like to ID them BEFORE they enter our unit, too. This way, our home automation system can pre-notify us as they approach our home, then personally greet them when the front door sensor is opened, too.

I haven’t researched, but I presume there are hacker devices that can read the MAC address from any turned on WiFi or Bluetooth device without it actually joining the LAN network.

My assumption is that these are much easier to obtain than something which makes the same attempt from 3G/4G signals.


Yeah I think everyone sort-of understands what the OP wants, as well as the fact that it’s technically difficult / somewhat expensive and maybe even borderline questionable in the legal sense, regardless of the intentions.

It’s basically a pseudo-stingray device, used to “ask” nearby cell phones to join the party by pretending to be a cell station. It’s not impossible to build your own, but it’s certainly not trivial, and considering the use case it almost makes no sense.

You would need a software-defined radio (which retails for around $1k), and a whole bunch of ultra wideband antennas to cover all the cellular frequencies that the major carriers use. I saw a couple of guys do this a few years back using a pair of RFX900 daughterboards (which still retail for about $300 a piece). The software itself is easy enough to come by though, since you can use stuff like OpenBTS or Redz SIGINT which are open source.

Either way, you’re looking at several hundred bucks worth of hardware (assuming you don’t count the use of a dedicated PC) that would only serve this particular purpose.

Even if the overall hardware cost is not prohibitive for this particular case though, you have to literally go “all the way” if you don’t want to screw up your own cell phone coverage and that of all your visitors. Cell phones will camp to your “cell tower” because it’s the strongest signal, and you would have to create an indirect connection from the phone --> your station --> network (an actual man-in-the-middle in the purest sense :slight_smile: ) and you would have to ensure a mobile patch-through so that your guests can continue to receive calls / texts / data when they’re connected to your station.

Like I said, certainly not impossible, but definitely doesn’t seem to be worth the effort.



Still haven’t done in-depth research, but this article shows how much information can be gleaned from average cell phones that just search for a WiFi Access Point…

There are definitely ways of doing this via Wifi and promiscuous scanning… my curiosity though is for bluetooth. (as my GF doesn’t often leave the Wifi on on her cell phone, and Wifi is known to drop into sleep mode when the phone sleeps.)

Yeah, I don’t know how this would be legal to do. You would probably be able to use like an AT&T MicroCell, to do something like this though.

This is probably about as close as you’re going to get, probably won’t work for WCDMA or LTE, will probably cost around $1000 and it’s possible you may violate federal laws:

But go nuts and let us know how it works out :smile:


I would suggest watching ALL of this…

If you’re lucky…

Possible, but you’d still have to a) get a bunch of femtocell devices for each carrier, unless all your friends are on the same network and b) figure out some additional man-in-the-middle setup to be able to intercept the base station communications to be able to figure out who’s connected to it, without interfering with the communications back over your broadband connection back to the carrier.


The thing that got me started thinking about this, are the in-home cell phone hotspots that carriers provide to perform cell-over-IP services in your home. Sprint, AT&T, and others offer these little mini-routers that create a 3G hotspot in your home, then route your calls over your IP network. The AT&T hotspot is actually manufactured by Cisco.

I was just hoping there was some way to get access to some sort of log file via one of these LEGAL, “off the shelf” products, so I can see all of the phone ID numbers that connected to my device. I’m not seeking the name of the user, or their phone number, or anything ILLEGAL. I’d simply match their unique-visits, to whatever ID number was in the log. e.g. if my daughter visited, and ONE new/unique ID number appeared in the router logs, then I could be pretty sure it was her. If/when she revisits, and the same number appears in the logs, then I KNOW that it’s hers. I can then create “events” based on that ID# appearing in the logs.

I’m not looking to spoof/clone ID#s, or correlate them to phone numbers, or anything funky/illegal.

Nope, those things are ‘locked down’ and would only work for a specific network anyway so unless you have one for each network or all the people you expect to be going to your house all on the same network, you’re going to be out of luck.