Saudi Arabia Exploiting Wireless SS7 Flaw to Track Targets In The United States

from the ill-communication dept

In 2017, hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. While the problem isn’t new, a 2016 60 Minutes report brought wider attention to the fact that the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations. All while the intrusion looks like ordinary carrier to carrier chatter among a sea of other, “privileged peering relationships.”

Telecom carriers and lobbyists have routinely downplayed the flaw and their multi-year failure to do much about it. In 2018, the CBC noted how Canadian wireless providers Bell and Rogers weren’t even willing to talk about the flaw after the news outlet published an investigation showing how (using only a mobile phone number) it was possible to intercept the calls and movements of Quebec NDP MP Matthew Dub?.

Now there’s another wake up call: a new report by The Guardian indicates that Saudi Arabia has likely been exploiting the flaw for years to track and monitor Saudi Arabian targets when they travel in the United States:

“The data suggests that millions of secret tracking requests emanated from Saudi Arabia over a four-month period beginning in November 2019. The tracking requests, which sought to establish the US location of Saudi?registered phones, appeared to originate from Saudi?s three biggest mobile phone companies.

The whistleblower said they were unable to find any legitimate reason for the high volume of the requests for location information. ?There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies,? the whistleblower claimed.

U.S. carriers like AT&T, Verizon, and T-Mobile routinely receive Provide Subscriber Information (PSI) messages from foreign phone companies to help them track roaming costs for users on foreign cell plans traveling abroad. But excessive use of such messages usually indicates a more nefarious intent. The Guardian couldn’t directly tie the excessive use of PSIs by Saudi telcos to the Saudi government, but most security experts believe Saudi’s history makes the intention fairly clear:

“The whistleblower?s data…suggests that the three largest Saudi mobile operators ? Saudi Telecom, Mobily and Zain ? sent the US mobile phone operator a combined average of 2.3m tracking requests per month from 1 November 2019 to 1 March 2020. The data appears to suggest the Saudi mobile phones were being tracked as they travelled through the US as often as two to 13 times per hour. Expert said that frequency suggests users could probably have been tracked on a map to within hundreds of metres of accuracy in a city.”

One reason U.S. telcos may not have been particularly keen on cracking down on the practice is that the U.S. government and the NSA very likely exploit the SS7 flaw as well. Senator Ron Wyden demanded answers as early as 2017 from mobile phone companies as to why they haven’t done more to thwart the practice. Of the major U.S. carriers, only AT&T was willing to respond to the Guardian, insisting “we have security controls to block location-tracking messages from roaming partners.” It’s far less likely the NSA’s longstanding BFF blocks similar requests from U.S. intelligence agencies.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Saudi Arabia Exploiting Wireless SS7 Flaw to Track Targets In The United States”

Subscribe: RSS Leave a comment
Upstream (profile) says:

It’s far less likely the NSA’s longstanding BFF blocks similar requests from U.S. intelligence agencies.

I am no expert on the details of the various phone or Internet systems, but the way I understand it is that the NSA and other US intelligence agencies probably don’t even need to make such requests because the NSA, AT&T, and much of the Internet / phone system backbone are largely indistinguishable.

Leave a Reply to Anonymous Coward Cancel reply

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...