Surveillance of roaming mobile subs now a global threat – report

  • The laissez-faire nature of global telecoms, lax security standards and lack of legal and regulatory consequences are to blame
  • Mobile networks are riddled with flaws, particularly at hand-off points, according to a report from Canada
  • Operators and regulators have taken their eyes off the ball 
  • 5G networks are likely to be as vulnerable as 3G and 4G

The ad hoc nature of the development of mobile telecoms networks around the globe means they are riddled with vulnerabilities, security faults and inadequacies that leave roaming subscribers exposed to tracking and surveillance as they move between and across networks. This is the key takeaway from the results of a comprehensive investigation undertaken by researchers at the University of Toronto in Canada that looked at how mobile roaming can enable unlawful location tracking.

The team’s report, “Vulnerabilities in cellphone roaming let spies and criminals track you across the globe”, comes from the Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. Founded in 2001, the lab studies information controls that impact the openness and security of the internet and that pose threats to human rights.

As the report makes plain, the very flexibility of the networks, and of the signalling systems that provide the seamless hand-offs from one mobile network to another that permit roaming in the first place, also carries within it the seeds of potential unlawful surveillance. To manage hand-offs, network operators must relay details about who the subscriber is and exactly where he or she is located. The hand-off of a connection is a particularly vulnerable point in the roaming connectivity process, and it is exploited by unlawful state actors and gangs of fraudsters alike to access the all-important geolocation data they need to commit their crimes.

The point is, of course, that “information collected by, and stored within, mobile networks can represent one of the most current and comprehensive dossiers” of an individual’s life. “Our mobile phones are connected to these networks and reveal our behaviours, demographic details, social communities, shopping habits, sleeping patterns, and where we live and work, as well as provide a view into our travel history. This information, in aggregate, is jeopardised, however, by technical vulnerabilities in mobile communications networks,” noted the report.

5G’s multitude of applications will make it a prime target for incursions

The Citizen Lab report examines geolocation-related threats apparent across 3G, 4G and 5G network operators and goes on to cite evidence of how prolific those threats are. It emphasises that in many parts of the world, for example in Sub-Saharan Africa and parts of the Middle East and Eastern Europe, 3G mobile technology remains ubiquitous and its SS7 signalling protocol makes it a comparatively easier target than 4G or 5G, although both later mobile generations are also vulnerable in certain respects. For example, 5G will have multiple vulnerabilities via its use in connected cars, smart homes, smart grids, healthcare and so on.

The report also highlights the role of the IP exchange (the IPX), a network hub that enables mobile operators to exchange subscriber data. These interconnection points are “used by over 750 mobile networks spanning 195 countries around the world. There are a variety of companies with connections to the IPX which may be willing to be explicitly complicit with, or turn a blind eye to, surveillance actors taking advantage of networking vulnerabilities and one-to-many interconnection points to facilitate geolocation tracking,” noted the report’s authors.

That sounds bad enough, but Citizen Lab goes on to say that because telcos can sell and resell access to the IPX to third parties, this creates “further opportunities for a surveillance actor to use an IPX connection while concealing its identity through a number of leases and subleases.”

In its research, Citizen Lab documented incidences of mobile roaming being used to run surveillance across great distances. In one case the lab observed a seven-month-long surveillance campaign in Vietnam, exploiting the GTel Mobile network owned by the state of Zimbabwe, to track the movements of African cellular customers. As the report said, “Given its ownership by the Ministry of Public Security, the targeting was either undertaken with the Ministry’s awareness or permission or was undertaken in spite of the telecommunications operator being owned by the state.” 

Another case cited in the report is that of “a likely state-sponsored activity intended to identify the mobility patterns of Saudi Arabia users who were travelling in the United States.” The Saudi citizens tracked were geolocated by the authorities in Riyadh every 11 minutes.

These examples (and many others, including tracking originating in Chad, the Democratic Republic of the Congo, Iceland, India, Italy, Jamaica, Ghana, Malaysia, Mozambique, Sweden, Saudi Arabia, Uganda and Zimbabwe) show that illicit and illegal exploitation of the world’s interlinked mobile networks really is now a growing global phenomenon.

The report concluded that part of the reason for the spread of unlawful tracking is that, in focusing so heavily on the perceived threat of Chinese comms technologies in their networks, western countries have tended to ignore or downplay developments in other parts of the world, have become lax in their approach to other threats and have been slow to strengthen network security to prevent them.

“The slow pace of operator security deployments over the most vulnerable attack vectors should be a wake-up call to country regulators. To counter attacks quickly, adherence to 5G security guidelines and standards are imperative, in addition to adequate tools for threat detection. Without these measures, the ways in which 5G networks have been deployed may only be marginally better at protecting users from surveillance actors’ attacks than the prior 3G and 4G networks, if at all.” 

Now that is a damning verdict.

- Martyn Warwick, Editor in Chief, TelecomTV
