Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say


TLDR

  • Citizen Lab identified two surveillance vendor campaigns exploiting SS7 and Diameter protocol flaws to geolocate targets worldwide.

Key Facts

  • Both campaigns abused access through three telecom providers: Israeli operator 019Mobile, UK-based Tango Networks, and Airtel Jersey (now Sure).
  • The first campaign exploited SS7 weaknesses in 2G/3G networks, falling back to Diameter flaws in 4G/5G when needed.
  • The second campaign sent silent SIM-targeting SMS messages to at least one high-profile target, turning their phone into a tracking device.
  • Researcher Gary Miller described this SIMjacker-style attack as “fairly common” and said he has observed thousands over the years.

Why It Matters

  • SS7’s lack of authentication has been a known flaw for years; these findings show Diameter’s newer protections are also being bypassed.
  • Citizen Lab says the two campaigns represent “a universe of millions of attacks” globally, not isolated incidents.

Lorenzo Franceschi-Bicchierai / TechCrunch · 2026-04-23