Saudi spies tracked phones using flaws the FCC failed to fix for years – By Zack Whittaker (TechCrunch) / March 29 2020
Lawmakers and security experts have long warned of security flaws in the underbelly of the world’s cell networks. Now a whistleblower says the Saudi government is exploiting those flaws to track its citizens across the U.S. as part of a “systematic” surveillance campaign.
It’s the latest tactic by the Saudi kingdom to spy on its citizens overseas. The kingdom has faced accusations of using powerful mobile spyware to hack into the phones of dissidents and activists to monitor their activities, including those close to Jamal Khashoggi, the Washington Post columnist who was murdered by agents of the Saudi regime. The kingdom also allegedly planted spies at Twitter to surveil critics of the regime.
The Guardian obtained a cache of data amounting to millions of locations on Saudi citizens over a four-month period beginning in November. The report says the location tracking requests were made by Saudi’s three largest cell carriers — believed to be at the behest of the Saudi government — by exploiting weaknesses in SS7.
SS7, or Signaling System 7, is a set of protocols — akin to a private network used by carriers around the world — to route and direct calls and messages between networks. It’s the reason why a T-Mobile customer can call an AT&T phone, or text a friend on Verizon — even when they’re in another country. But experts say that weaknesses in the system have allowed attackers with access to the carriers — almost always governments or the carriers themselves — to listen in to calls and read text messages. SS7 also allows carriers to track the location of devices to just a few hundred feet in densely populated cities by making a “provide subscriber information” (PSI) request. These PSI requests are typically to ensure that the cell user is being billed correctly, such as if they are roaming on a carrier in another country. Requests made in bulk and excess can indicate location tracking surveillance.
But despite years of warnings and numerous reports of attacks exploiting the system, the largest U.S. carriers have done little to ensure that foreign spies cannot abuse their networks for surveillance.
Continue to article: https://techcrunch.com/2020/03/29/saudi-spies-ss7-phone-tracking/