Spy Firms Exploit Telecom Flaws to Track Phone Locations
3 min read
A new investigation has revealed how surveillance vendors are quietly exploiting weaknesses in global telecom systems to track people’s locations—often without their knowledge. Researchers say the activity uncovered is likely just a small glimpse of a much larger, ongoing problem.
The findings come from Citizen Lab, a digital rights organization known for exposing surveillance abuses. In its latest report, the group detailed two separate spying campaigns that relied on abusing telecom infrastructure to monitor targets across different regions.
How the Tracking Worked
According to researchers, the companies behind these campaigns operated as so-called “ghost” telecom providers. They posed as legitimate network operators and used that access to tap into global phone systems—allowing them to locate individuals’ devices.
At the center of the issue are long-standing flaws in telecom protocols. One of the most vulnerable is Signaling System 7 (SS7), which has been used for decades to route calls and messages between networks. Because it lacks proper authentication and encryption, attackers can exploit it to track a phone’s location.
Even newer systems aren’t immune. The more modern Diameter protocol, designed for 4G and 5G networks, includes improved security features—but researchers say it can still be misused, especially when protections are poorly implemented. In some cases, attackers simply fall back to exploiting SS7.
Telecom Providers Used as Entry Points
The report found that both surveillance campaigns relied on access to specific telecom providers to carry out their operations. These companies effectively acted as entry and transit points within the telecom ecosystem.
Among those named were 019Mobile, Tango Networks U.K., and Airtel Jersey. This access allowed surveillance vendors—and their government clients—to mask their activity behind legitimate network infrastructure.
Some companies responded to the findings. Sure, the parent company of Airtel Jersey, said it does not knowingly allow its network to be used for tracking individuals and has safeguards in place to detect misuse. Others declined to comment or disputed the claims.
High-Profile Targets and Advanced Techniques
Researchers believe the campaigns targeted individuals around the world, including high-profile figures. One of the operations attempted to exploit SS7 first, then switched to other methods like Diameter if needed.
The second campaign used a different tactic—sending invisible SMS messages directly to a target’s SIM card. These messages, normally used by telecom providers for routine updates, were instead weaponized to turn phones into tracking devices. This technique is similar to the well-known SIMjacker attack.
A Much Bigger Problem
Experts warn that these incidents are likely just the “tip of the iceberg.” According to researchers, millions of similar attempts may be happening globally, often going undetected due to the complexity of telecom systems.
The report underscores a growing concern: as surveillance technology becomes more accessible, vulnerabilities in global infrastructure are increasingly being exploited—not just by governments, but also by private vendors operating in the shadows.
For everyday users, this serves as a reminder that even basic communication systems can carry hidden risks—especially when security gaps remain unaddressed.
Also read : Shade Raises $14M to Reinvent Video Search for Creators
