Hackers can use the technology that makes cellphone roaming possible to pinpoint user locations and track people around the world, a new report from University of Toronto’s Citizen Lab has claimed.
The researchers argue that the underlying technology is so full of holes that it’s practically inviting malicious actors to abuse it, which can be both illegal organizations or nation-states.
“Foreign intelligence and security services, as well as private intelligence firms, often attempt to obtain location information, as do domestic state actors such as law enforcement,” the paper reads. “Notably, the methods available to law enforcement and intelligence services are similar to those used by the unlawful actors and enable them to obtain individuals’ geolocation information with high degrees of secrecy.”
The vulnerability Citizen Lab’s researchers emphasized is in the IP Exchange (IPX), a network that helps telecom companies swap data about their customers. As per the report, more than 750 mobile networks in almost 200 countries around the world use it. Furthermore, the companies can sell (and resell) access to the IPX, meaning the total number of users is probably much, much larger.
None of this is visible to the end-user.
This isn’t purely theoretical, either. Citizen Lab found multiple examples of how the network’s been abused, from Vietnam, to the African continent. One particular case describes “likely state-sponsored activity” used to identify behavioral patterns of users in Saudi Arabia who were traveling to the United States.
The researchers didn’t blame any one company or country, but rather said this is the fault of the entire telecommunications industry that lacks proper security standards, as well as legislators as there’s an acute lack of legal or regulatory consequences.
More from TechRadar Pro
- Millions of Android phones are shipping with malware already installed
- Here's a list of the best firewalls today
- These are the best malware removal tools around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.