GoKawiilSecurity researchers have uncovered two separate spying campaigns that are abusing well-known weaknesses in the global telecoms infrastructure to track people’s locations. The researchers say these two campaigns are likely a small snapshot of what they believe to be widespread exploitation of surveillance vendors seeking access to global phone networks.
On Thursday, the Citizen Lab, a digital rights organization with more than a decade of experience exposing surveillance abuses, published a new report detailing the two newly identified campaigns. The surveillance vendors behind them, which Citizen Lab did not name, operated as “ghost” companies that pretended to be legitimate cellular providers, and would piggyback their access to those networks to look up the location data of their targets.
The new findings reveal continued exploitation of known flaws in the technologies that underpin the global phone networks.
One of them is the insecurity of Signaling System 7, or SS7, a set of protocols for 2G and 3G networks that for years has been the backbone of how cellular networks connect to each other and route subscribers’ calls and text messages around the world. Researchers and experts have long warned that governments and surveillance tech makers can exploit vulnerabilities in SS7 to geolocate individuals’ cell phones, as SS7 does not require authentication nor encryption, leaving the door open for rogue operators to abuse it.
The newer protocol, Diameter, designed for newer 4G and 5G communications, is supposed to replace SS7 and includes the lacking security features of its predecessor. But as the Citizen Lab highlights in this report, there are still ways to exploit Diameter, as cell providers do not always implement the new protections. In some cases, attackers can still fall back to exploiting the older SS7 protocol.
The two spy campaigns have at least one thing in common: Both abused access to three specific telecom providers that repeatedly acted “as the surveillance entry and transit points within the telecommunications ecosystem.” This access gave the surveillance vendors and their government customers behind the campaigns the ability to “hide behind their infrastructure,” as the researchers explained.
According to the report, the first one is Israeli operator 019Mobile, which researchers said was used in several surveillance attempts. British provider Tango Networks U.K. was also used for surveillance activity over several years, the researchers say.
Techcrunch event Meet your next investor or portfolio startup at Disrupt
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410. Meet your next investor or portfolio startup at Disrupt
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410. San Francisco, CA | REGISTER NOW
... continue reading