Security researchers have identified two spying campaigns exploiting vulnerabilities in global telecom infrastructure to track individuals’ locations. These campaigns are part of a broader pattern of exploitation by surveillance vendors seeking access to global phone networks.
The Citizen Lab, a digital rights organization, has released a report detailing these campaigns. The spying entities, unnamed in the report, masqueraded as legitimate cellular providers to access networks and track their targets’ location data.
The findings highlight the ongoing misuse of known flaws in global phone technologies. One flaw is the insecurity of Signaling System 7 (SS7), a protocol for 2G and 3G networks, which lacks authentication and encryption, allowing rogue operators to exploit its vulnerabilities for geolocation.
Diameter, a newer protocol designed for 4G and 5G networks, aims to improve security but is still exploitable due to inconsistent implementation of protections. Attackers can also revert to exploiting SS7 when necessary.
Both campaigns leveraged access to specific telecom providers, which served as points for surveillance within the network. These providers include Israeli operator 019Mobile, British provider Tango Networks U.K., and Airtel Jersey, linked to previous surveillance activities.
Sure CEO Alistair Beak stated that the company does not intentionally lease access for tracking purposes and has measures to prevent misuse of its signaling services. 019Mobile and Tango Networks did not respond to requests for comment.
Researchers believe the campaigns targeted “high-profile” individuals worldwide, suggesting government customers were behind these operations. Gary Miller, a researcher on the team, indicated a potential link to an Israeli commercial geo-intelligence provider but did not name them.
The first campaign initially relied on exploiting SS7 flaws, switching to Diameter if necessary. The second campaign sent SMS messages targeting the SIM cards of specific “high-profile” individuals, using a technique known as SIMjacker.
Miller emphasized that these campaigns represent just a fraction of an extensive network of global surveillance activities.
