Hackers Are Using Phone Networks to Track Your Location

Surveillance companies have learned how to sneak into the global telephone network by pretending to be phone service providers. Once inside, they use old security flaws to figure out where mobile phones are located, even across different countries. A digital rights group called Citizen Lab published research Thursday explaining how this works and who is doing it.

How the Attack Works

The global telephone system needs a way for phone networks in different countries to talk to each other — so you can text a friend overseas, for example. The system uses special messaging protocols called SS7 and Diameter. Think of it like a postal service: your message needs routing instructions to reach the right person, and those instructions travel through many different post offices (network operators).

Hackers found that these old messaging systems don't require passwords or encryption. That means if you can pretend to be a phone company, you can send messages that fool other networks into revealing where someone's phone is located.

Vietnamese Operator Tracked People Across Africa

From late 2022 to mid-2023, a Vietnamese phone company called Gmobile ran a location-tracking operation targeting mobile users across African countries. Gmobile is owned by the Vietnamese government's Ministry of Public Security. Researchers found that Gmobile used five different fake identities to send tracking messages to African networks.

The Vietnamese Ministry of Public Security has been accused in the past of censoring the internet and restricting people's freedom of speech.

Fake Phone Companies Gain Access

The research found that surveillance vendors also disguised themselves as legitimate phone companies to gain access to the network messaging system. Three companies were caught doing this: 019Mobile (Israeli), Tango Networks U.K. (British), and Airtel Jersey (owned by a company called Sure).

When researchers asked these companies about the tracking, they denied involvement. The head of IT at 019Mobile said he could not confirm the company was responsible. Sure's CEO said the company does not knowingly allow its networks to be used for tracking people.

Worth flagging: It is hard to prove who is behind these attacks because bad actors may be using fake company names or breaking into networks without the real companies knowing about it.

Why Old Phone Networks Are Vulnerable

The phone messaging systems built for 2G and 3G networks (from the 1990s and 2000s) have no password protection and no encryption. Newer 4G and 5G networks have better security built in, but only if phone companies actually turn it on.

The rules say that only phone companies should connect to the international phone network — not outside surveillance companies. But different countries enforce these rules differently, and there are gaps everywhere.

In this author's view, I have been covering these phone network security flaws since the early 2010s. The reason these attacks keep happening is that phone companies need their networks to be flexible and easy to use for legitimate reasons, like international roaming and emergency calls. But that same flexibility becomes an opening for hackers. Fixing it completely would mean slowing down how easily networks work together, which phone companies are reluctant to do.

Location Tracking Beyond Phone Networks

Tracking through phone networks is only part of the problem. Police and intelligence agencies also buy location information from advertising companies. These companies collect data from hundreds of millions of phones through apps. Tools like Fog Reveal let law enforcement search through billions of location records from 250 million devices — often without getting a court order first.

The four largest U.S. phone companies — Verizon, AT&T, Sprint, and T-Mobile — promised to stop selling location data to outside companies. But some data brokers still claim they have the right to sell this information if users have agreed to it.

Legal Cases Are Building

People whose privacy has been violated are suing in courts around the world. The U.S. Supreme Court is deciding whether police can use broad warrants to collect location data from hundreds of phones to find people near crime scenes. A federal court in New Orleans already ruled that this kind of warrant violates the Constitution's protection against unreasonable searches.

Other countries are also taking action. In 2021, human rights organizations filed cases in France and Thailand against companies selling spyware that tracks people's locations without permission.

The Real Problem: Old Rules for New Technology

Analysis: The telephone system faces a difficult choice. The old protocols that let phone networks around the world connect together were designed in the 1970s, long before anyone worried about hackers. They work well for global calling and texting, but they are not secure. Fixing them completely might make it harder for legitimate phone calls to work smoothly.

As phone networks upgrade to 5G in the coming years, there is still a chance to build in better security. But companies have to choose between keeping the old systems working (even though they are vulnerable) or replacing them (which is expensive and complicated). The next few years will determine whether the phone networks of the future stay vulnerable to these kinds of location-tracking attacks.