Surveillance vendors abuse telco access to track phone locations
Original: Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say
Why This Matters
Reveals ongoing exploitation of telecom vulnerabilities for mass surveillance tracking
Security researchers uncovered two spy campaigns exploiting telecom network vulnerabilities to track people's locations. Surveillance vendors posed as legitimate cellular providers to piggyback network access and target location data through SS7 and Diameter protocol weaknesses.
Citizen Lab published a report detailing two surveillance campaigns that exploited known flaws in global telecoms infrastructure. The surveillance vendors operated as 'ghost' companies pretending to be legitimate cellular providers, gaining network access to track targets' locations. The campaigns abused vulnerabilities in SS7 protocols used by 2G and 3G networks, which lack authentication and encryption protections. Despite newer Diameter protocol for 4G and 5G networks including security features, researchers found ways to exploit it when providers don't implement protections properly. Both campaigns used three specific telecom providers as surveillance entry points: Israeli operator 019Mobile, British provider Tango Networks U.K., and another unnamed provider. These companies repeatedly served as transit points, allowing surveillance vendors and government customers to hide behind their infrastructure while conducting location tracking operations.