Introduction
In a world where connectivity reigns supreme, the security of telecommunications infrastructure has become paramount. Yet, an investigation by Citizen Lab has uncovered sophisticated surveillance campaigns exploiting these networks in unsuspecting ways. These findings reveal how covert actors use global telecom infrastructures to follow individuals without their knowledge.
Elaborate Surveillance Campaigns
The investigation reveals two main campaigns where actors exploit 3G and 4G signaling network protocols. These actors use multiple techniques to track their targets, combining direct device exploitation via malicious SMS with signaling protocol manipulations.
SIM Card Exploitation
One identified campaign sends SMS containing hidden SIM card commands, allowing the extraction of location information. These attacks potentially transform targeted devices into tracking beacons without users being aware.
A 2025 investigation by security teams from multiple operators found these techniques were used in over 20 countries, including the UK, Israel, and China.
A Pervasive Surveillance Marketplace
The report also highlights the existence of a black market for surveillance where commercial surveillance vendors (CSVs) provide customized tools to carry out these operations. These tools allow operators' identities to be spoofed and signaling protocols manipulated to evade defenses and mask attribution.
Exploited Global Infrastructures
The attacks leverage identifiers and infrastructure associated with operators from various countries, demonstrating the global extent of these operations. For instance, networks from countries like Sweden, Italy, and Mozambique were targeted, showing that no one is immune.
Conclusion
This investigation underscores the urgency of strengthening telecom infrastructure security to prevent such exploitation. Decision-makers in telecommunications must prepare to face increasingly sophisticated threats and protect their users' privacy.
Let's discuss your project in 15 minutes.