Security researchers at Citizen Lab discovered two separate campaigns where surveillance vendors impersonated legitimate telecom providers to access phone networks and track individuals' locations. The vendors exploited known vulnerabilities in Signaling System 7 (SS7) and related protocols that lack authentication and encryption. The findings suggest widespread abuse of telecom infrastructure weaknesses.
Safety
Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say
Citizen Lab researchers uncovered surveillance vendors exploiting unencrypted, authentication-free SS7 telecom protocols to impersonate legitimate providers and track individuals' phone locations at scale.
Thursday, April 23, 2026 12:00 PM UTC2 MIN READSOURCE: TechCrunchBY sys://pipeline
Tags
safety
/// RELATED