Surveillance firms abused telco access to track phone locations globally
Researchers at Citizen Lab have uncovered that two surveillance vendors exploited their access to cellular network infrastructure to monitor people's phone locations across multiple countries. The discovery reveals significant security vulnerabilities in how telecommunications companies manage access to sensitive location data.
Security researchers at Citizen Lab have exposed a troubling practice where two surveillance vendors gained unauthorized access to the core infrastructure of cellular networks to track individuals' phone locations worldwide. The investigation demonstrates how companies with legitimate access to telecommunications systems can abuse that privilege to conduct mass surveillance operations.
The vendors exploited the backbone systems that connect mobile networks, allowing them to pinpoint the physical locations of numerous targets across different continents. This type of access typically requires careful oversight and strict security protocols, yet the research indicates these safeguards were insufficient to prevent misuse.
The findings highlight critical vulnerabilities in how telecommunications infrastructure is protected and monitored. Cellular networks maintain detailed location data as part of their normal operations, and vendors who provide services to telcos have significant access to these systems. The Citizen Lab research suggests that current regulatory frameworks and security measures are inadequate to prevent surveillance companies from exploiting this privileged access.
This discovery raises serious questions about the relationship between telecommunications providers and third-party vendors. While some surveillance vendors operate legitimately for law enforcement purposes, the research indicates that without stronger oversight mechanisms, these same tools can be repurposed for unauthorized tracking of civilians.
The exposure of this abuse underscores the need for telecommunications companies to implement stronger access controls, enhanced monitoring systems, and more rigorous vendor vetting procedures. Regulatory bodies and governments will likely face pressure to establish clearer guidelines governing how much access external vendors can have to core network infrastructure and location data.