This hidden SIM flaw lets spies track your location, and using a VPN can't help


  • Citizen Lab found two surveillance actors exploiting global telecom flaws
  • Attackers use hidden SMS and signalling systems to track targets' location
  • As attackers completely bypass the internet, a VPN can’t protect you

Security researchers have just unveiled details of two covert surveillance campaigns that exploit weaknesses in the global telecom infrastructure.

In a report published on Thursday, Citizen Lab explains that attackers abuse the signalling systems mobile operators use to support roaming, route messages, and locate devices on the network. The weaknesses were used to track certain subscribers or to send invisible SMS messages that retrieved the target's location.

The findings point to a wider problem in the global mobile ecosystem, where the connections between operators can be abused. Crucially, users can do little on their end to protect themselves from these attacks; even those using the best VPN service are, in fact, vulnerable to this type of surveillance.


What Citizen Lab's report found

Citizen Lab's report focuses on two separate sophisticated surveillance actors that targeted the infrastructure mobile networks use to communicate with each other.

These systems are what let your phone connect while roaming, and they also handle basics such as receiving texts and keeping you reachable when you move between cell towers.

Crucially, the findings, "for the first time, directly link combined 3G and 4G network attacks to mobile operator infrastructure," researchers explain.

Citizen Lab claims that attackers abused these trusted connections to try to geolocate certain mobile users.

The first campaign used the signalling systems of older 3G and newer 4G networks, known as SS7 and Diameter respectively. Citizen Lab says the attackers used these systems to locate a high-profile target described by their operator as a "VVIP."

The second campaign used a different method: instead of sending a normal text that the user would see, attackers sent hidden SMS messages that were visible only to the SIM card inside the phone. Each message tried to make the SIM collect location information and send it back. The target wouldn't even know it had happened; it took place entirely behind the scenes.

The worst part is perhaps that carrying out these attacks doesn't require you to accidentally download malware or fall for a scam. Attackers can simply compromise the mobile network around your phone, or quietly hijack the SIM card directly.

Why a VPN cannot help


People who care about staying anonymous online often try out one of the most private VPNs in order to keep their activity safe. But even a top-notch VPN client can't protect you from this attack.

A VPN is designed to protect your internet traffic. It can mask your IP address, encrypt the data that leaves your device, or make it look like you're browsing from a different location. These features make VPNs indispensable for privacy, security, and even avoiding censorship in certain countries.

But the attacks described by Citizen Lab don't appear to rely on your IP address at all. The attackers aren't concerned with where your browser says you are.

This is the crucial difference: your VPN sits on top of your internet connection, but the SIM and your mobile network connection operate on a different layer. Your phone still connects to local cell towers even with the internet toggled off.

How to stay safe

For most people, this isn't a reason to panic. These campaigns are said to be aimed at high-profile individuals, and so far, there doesn't seem to be a campaign that targets the general public.

The bigger problem is that there's not much you can do to defend yourself from these attacks, should they come your way. A telecom-level actor targeting your SIM or abusing mobile signalling systems is not something you can fully prevent.

Therefore, while standard cybersecurity habits, like keeping your device updated and using a VPN, are essential for your daily internet privacy, defending against this specific type of telecom tracking requires extreme measures. For high-risk individuals, the only true mitigation is relying solely on Wi-Fi and disabling cellular connections entirely.




Monica J. White
Contributing Writer

