Security researchers have revealed two distinct spying operations that exploit well-documented vulnerabilities within global telecoms infrastructure to track individuals’ locations. According to the Citizen Lab, a digital rights organisation with extensive experience in highlighting surveillance violations, these campaigns represent only a fraction of what is likely a broader exploitation of mobile networks by surveillance vendors.
On Thursday, the Citizen Lab published a report detailing these new findings, which involve surveillance vendors masquerading as legitimate mobile operators to access network resources and monitor the locations of their targets. The report underscores ongoing exploitation of known weaknesses in technologies essential to global telecommunication.
Central to these vulnerabilities is Signaling System 7 (SS7), a protocol used in older 2G and 3G networks that facilitates communication between cellular networks globally. Experts have long cautioned that because SS7 has no authentication or encryption, it can be exploited by malicious entities to locate individuals. The newer Diameter protocol, designed for 4G and 5G networks and intended to address SS7’s deficiencies, still has exploitable weaknesses, particularly since not all telecom providers implement its security measures effectively.
Both spying campaigns reportedly targeted three specific telecom providers that acted as gateways for surveillance operations. This granted the vendors, along with their government clients, the means to operate covertly. The Israeli provider 019Mobile was implicated, as well as the UK-based Tango Networks, both of which facilitated various surveillance efforts. Another provider, Airtel Jersey, known to be linked to previous surveillance activities, was also involved.
While Sure’s CEO, Alistair Beak, asserted that the company does not knowingly allow tracking or interception activities, 019Mobile and Tango Networks did not respond to requests for comment.
Citizen Lab identified that these campaigns targeted high-profile individuals globally, suggesting substantial backing and integration into mobile signalling systems. Some evidence hints at an Israeli geo-intelligence company with specific telecommunications capabilities, although no names were disclosed.
The first campaign exploited SS7 vulnerabilities and then switched to leveraging Diameter when initial attempts failed. The second campaign utilised a different method, sending specialised SMS messages to a select high-profile target. Telecom providers typically use these messages to communicate with subscriber SIM cards without alerting the user. In this case, they were used maliciously to convert the target’s phone into a tracking device, using a technique known as Simjacker.
Gary Miller, a researcher involved in the investigation, noted that while many such attacks are occurring, these two campaigns highlight the alarming prevalence of targeted surveillance. Miller cautioned that this investigation only scratched the surface of a vast number of global attacks, underlining the critical need for heightened scrutiny in the mobile telecommunications landscape.


