Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Parents want safer phones for kids. These companies are answering the call.

A 600-mile road trip (and data) proves EV charging isn’t crap anymore

Kymi: Threat or menace? | TechCrunch

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Kymi: Threat or menace? | TechCrunch

    19 July 2026

    Databricks hits $188 billion valuation, extending run as AI’s favorite second act

    18 July 2026

    Neil Rimer thinks AI money is coming back

    18 July 2026

    Patreon Stops Asking AI Bots Not to Scratch — and Starts Blocking Them

    17 July 2026

    Roblox is launching an AI-powered game creation feature on its mobile app

    17 July 2026
  • Apps

    Superhuman’s new auto-draw feature almost makes me like the AI ​​responses

    19 July 2026

    Meta now alerts parents if their teen has discussed suicide or self-harm with AI chatbot

    18 July 2026

    Apple and Google ordered to purge “stud” apps from App Stores

    18 July 2026

    Newsletter platform Beehiiv now lets subscribers chat with each other, adds AI

    17 July 2026

    Google Vids now lets you star in your own AI videos

    17 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Parents want safer phones for kids. These companies are answering the call.

    19 July 2026

    I replaced the water heater and ceiling fan with a Dyson

    19 July 2026

    AI-driven memory challenge shakes up India’s smartphone market

    18 July 2026

    Smart glasses without a camera? Even Realities bets, productivity beats logging everything

    17 July 2026

    A SpaceX vet raises $65 million to pull out Cold War-era cables

    16 July 2026
  • Media & Entertainment

    Spotify extends parent-managed accounts to users on its free tier

    16 July 2026

    Spotify extends its AI with a ChatGPT-style music assistant

    15 July 2026

    12 states sue to block $110 billion Paramount deal from Warner Bros

    14 July 2026

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026
  • Security

    How an ex-DeepMind researcher raised a $300 million seed valuation before launching a product

    18 July 2026

    Period tracker Stardust shares users’ health data with analytics firm, Mozilla investigation says

    18 July 2026

    FBI Arrests Man Accused of Using Steam Games to Empty Victims’ Crypto Wallets

    17 July 2026

    British police say the arrest of two young hackers has disrupted the operations of a notorious hacking group

    16 July 2026

    US blames Russian ‘bulletproof’ web hosts for cyberattacks that netted $62m from cybercrime victims

    15 July 2026
  • Startups

    Backed by $60 million in funding, Oak comes out of stealth to fix the identity mess exacerbated by AI agents

    18 July 2026

    Applications close in 48 hours — here’s everything Aussie founders need to know about Stripe x Startup Battlefield

    18 July 2026

    Indian AI coding startup Emergent goes unicorn with $130M Series C

    17 July 2026

    Ultrahuman’s ex-VP of hardware raises $5.5 million for devices that control AI agents, not just record you

    17 July 2026

    Why AMI Labs’ Alexandre LeBrun Doesn’t Call His AI ‘AGI’ or ‘Superintelligence’

    16 July 2026
  • Transportation

    A 600-mile road trip (and data) proves EV charging isn’t crap anymore

    19 July 2026

    All electric vehicles stopped or killed in the US this year

    18 July 2026

    SpaceX abruptly aborts second launch of Starship V3 after ignition

    18 July 2026

    Zoox issues software recall after a robotaxi was confused by heavy smoke

    17 July 2026

    San Francisco mayor pushes for tougher rules after Waymo traffic fiasco

    17 July 2026
  • Venture

    Nuclear startup Valar Atomics is in talks to raise new funding at a $6 billion valuation

    18 July 2026

    No product? No problem. This Disrupt 2026 session shows how to get early stage funding with conviction, storytelling

    17 July 2026

    Founders Fund hires ex-OpenAI exec Ryan Beiermeister (and not because of her ‘mafia’ skills)

    17 July 2026

    Why Greylock limited its new fund to $1.5 billion when it says it could have raised more

    16 July 2026

    Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

    14 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Surveillance vendors caught abusing telecom access to track people’s phone locations, investigators say
Security

Surveillance vendors caught abusing telecom access to track people’s phone locations, investigators say

techtost.comBy techtost.com25 April 202605 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Surveillance Vendors Caught Abusing Telecom Access To Track People's Phone
Share
Facebook Twitter LinkedIn Pinterest Email

Security researchers have uncovered two separate spying campaigns that exploit known weaknesses in the global telecommunications infrastructure to track people’s locations. Researchers say these two campaigns are likely a small snapshot of what they believe is widespread exploitation by surveillance vendors seeking access to global phone networks.

On Thursday, Citizen Lab, a digital rights organization with more than a decade of experience exposing surveillance abuses, published a new report detailing the two newly identified campaigns. The surveillance vendors behind them, which Citizen Lab did not name, operated as “ghost” companies that pretended to be legitimate mobile carriers and would block access to those networks to look for their targets’ location data.

The new findings reveal ongoing exploitation of known flaws in the technologies that underpin global telephone networks.

One of them is the insecurity of Signaling System 7, or SS7, a set of protocols for 2G and 3G networks that for years has been the backbone of how cellular networks interconnect and route subscribers’ calls and text messages around the world. Researchers and experts have long warned that governments and makers of surveillance technology can exploit vulnerabilities in SS7 to geo-locate people’s cellphones, as SS7 requires neither authentication nor encryption, leaving the door open for unscrupulous operators to abuse it.

The newer protocol, Diameter, designed for newer 4G and 5G communications, is supposed to replace SS7 and includes the security features its predecessor lacked. But as Citizen Lab points out in this report, there are still ways to exploit Diameter, as carriers don’t always implement the new protections. In some cases, attackers can still exploit the older SS7 protocol.

The two espionage campaigns have at least one thing in common: Both abused access to three specific telecommunications providers that repeatedly acted “as surveillance entry and transit points within the telecommunications ecosystem.” This access gave the surveillance vendors and their government clients behind the campaigns the ability to “hide behind their infrastructure,” as the researchers explained.

According to the report, the first is the Israeli company 019Mobile, which the researchers say was used in many surveillance attempts. British provider Tango Networks UK was also used for surveillance activity over several years, investigators say.

Techcrunch event

San Francisco, California
|
13-15 October 2026

The third mobile operator is Airtel Jersey, an operator on the Channel Island of Jersey now owned by Sure, a company whose networks have linked to previous tracking campaigns.

Certainly CEO Alistair Beak told TechCrunch that the company “does not directly or knowingly lease access to signals to organizations for the purposes of locating or tracking individuals or intercepting communications content.”

“Sure recognizes that digital services can be misused, which is why we take a number of measures to mitigate this risk. Sure has implemented many safeguards to prevent the misuse of signaling services, including monitoring and blocking inappropriate signaling,” Beak’s statement said. “Any evidence or valid complaint related to misuse of Sure’s network results in immediate suspension of service and, where malicious or inappropriate activity is confirmed after investigation, permanent termination.”

Tango Networks and 019Mobile did not respond to TechCrunch’s request for comment.

Gil Nagar, Head of IT and Security and 019Mobile, sent a letter at Citizen Lab. Nagar said the company “cannot confirm” that the alleged 019Mobile infrastructure, identified by Citizen Lab as being used by surveillance vendors, belongs to the company.

Investigators say “high-profile” people are being targeted.

According to Citizen Lab, the first surveillance vendor facilitated spying campaigns spanning several years against different targets around the world and using the infrastructure of several different mobile carriers. This led investigators to conclude that different government clients of the surveillance vendor were behind the various campaigns.

“The evidence points to a purposeful and well-funded operation with deep integration into the mobile signaling ecosystem,” the researchers wrote.

Gary Miller, one of the researchers investigating these attacks, told TechCrunch that some indications point to an “Israel-based commercial geoinformation provider with specialized telecommunications capabilities,” but did not name the tracking provider. Several Israeli companies are known to offer similar services, including Circles (later acquired by spyware maker NSO Group), Cognyte and Rayzone.

Contact us

Do you have more information about surveillance vendors that exploit mobile networks? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or via email.

According to Citizen Lab, the first campaign was based on trying to exploit flaws in SS7 and then switching to exploiting Diameter if those efforts failed.

The second spying campaign used different methods. In this case, the other surveillance vendor behind it — which Citizen Lab isn’t naming either — relied on sending a special type of SMS message to a specific “high-profile” target, the researchers explained.

These are text messages designed to communicate directly with the target’s SIM card without showing any trace of them to the user. Under normal circumstances, these messages are used by mobile operators to send harmless commands to their subscribers’ SIM cards used to keep a device connected to their network. However, the surveillance vendor sent commands that effectively turned the target’s phone into a location tracking device, according to the researchers. This type of attack was called SIMjacker by the mobile operator Enea in 2019.

“I’ve observed thousands of these attacks over the years, so I’d say it’s a pretty common feat that’s hard to detect,” Miller said. “However, these attacks appear to be geographically targeted, indicating that operators using SIMjacker-style attacks likely know the countries and networks most vulnerable to them.”

Miller made it clear that these two campaigns are only the tip of the iceberg. “We focused on just two tracking campaigns in a universe of millions of attacks around the world,” he said.

Updated to include 019Mobile’s responses sent to Citizen Lab.

When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.

abusing access caught cyber security Diameter investigators Israel location tracking locations peoples phone privacy SS7 surveillance Telecom Track Vendors
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleFrom Stage to Future: Where Are Startup Battlefield Alumni Now?
Next Article In another crazy turn for AI chips, Meta signs deal for millions of Amazon AI processors
bhanuprakash.cg
techtost.com
  • Website

Related Posts

How an ex-DeepMind researcher raised a $300 million seed valuation before launching a product

18 July 2026

Period tracker Stardust shares users’ health data with analytics firm, Mozilla investigation says

18 July 2026

FBI Arrests Man Accused of Using Steam Games to Empty Victims’ Crypto Wallets

17 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Parents want safer phones for kids. These companies are answering the call.

19 July 2026

A 600-mile road trip (and data) proves EV charging isn’t crap anymore

19 July 2026

Kymi: Threat or menace? | TechCrunch

19 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

Backed by $60 million in funding, Oak comes out of stealth to fix the identity mess exacerbated by AI agents

Applications close in 48 hours — here’s everything Aussie founders need to know about Stripe x Startup Battlefield

Indian AI coding startup Emergent goes unicorn with $130M Series C

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.