Researchers at Citizen Lab reported that surveillance vendors exploited weaknesses in telecommunications infrastructure to impersonate cellular providers and harvest users’ location data. The campaigns used hidden SMS commands and abuses of SS7 and Diameter signalling protocols to track devices, with traffic routing evidence pointing toward an Israeli company. #CitizenLab #SS7
Keypoints
- Citizen Lab found vendors posing as legitimate cellular providers to pinpoint victims’ locations.
- One campaign sent hidden SMS commands aimed at turning devices into covert tracking beacons.
- Attackers exploited SS7 vulnerabilities and unprotected Diameter implementations across 3G/4G/5G networks.
- Three mobile networks repeatedly served as entry and transit points for the surveillance traffic.
- Traffic routing analysis suggests involvement of an Israeli company and indicates large-scale unauthorized signaling access.
Read More: https://therecord.media/surveillance-companies-exploiting-telecom-systems-to-track-location