Saudi Arabia has reportedly been exploiting weaknesses in the global mobile telecoms network to track the movements of its citizens as they traveled around the US, according to a new report from The Guardian.
The news outlet spoke with a whistleblower who presented millions of alleged secret tracking requests which appear to show a systematic spying campaign conducted by the kingdom.
According to the data, millions of secret tracking requests came from Saudi Arabia over a four-month period which began in November of last year. These requests, which tried to establish the locations of Saudi-registered phones in the US, appear to originate from the country's three largest mobile phone operators.
- Did Saudi Arabia hack the phone of Amazon CEO Jeff Bezos?
- Mozilla boosts anti-tracking protection in Firefox update
- Your iOS browser could be sending tracking data to China
In a statement to The Guardian, the whistleblower explained that they could find no legitimate reason for the high volume of requests for location information, saying:
“There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies.”
SS7 global messaging system
The data shows requests for mobile phone location data that was routed through the aging SS7 global messaging system which allows mobile operators to connect users around the world. When someone tries to call another person in a different country, the SS7 network is used to connect them to one another.
However, the SS7 system also enables mobile phones to be tracked. When a mobile carrier in the US receives a Provide Subscriber Information (PSI) SS7 message from a mobile phone operator in another country, they are essentially getting a tracking request. These requests are used to help foreign operators register roaming charges but if abused, they can be also be used for location tracking.
The whistleblower's data appears to show PSI requests from Saudi Arabia that pinged a major US telecom. Between November 2019 and March 2020, the three largest Saudi mobile operators, Saudi Telecom, Mobily and Zain, sent the US mobile phone operator a combined average of 2.3m tracking requests per month.
Based on this, the data appears to suggest that Saudi mobile phones were being tracked as they moved throughout the US as often as two to 13 times per hour. This high frequency of PSI requests suggests that Saudis in the US could have been tracked on a map to within hundreds of meters of accuracy in a city.
As of now, it is not known which individual Saudi mobile users were tracked during the four-month campaign but there will likely be further investigations into the matter now that it has been exposed.
- Also check out our complete list of the best VPN services
Via The Guardian
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.