HeadlinesBriefing.com

Surveillance vendors exploit SS7, Diameter flaws to track global phone locations

Hacker News

Surveillance vendors have exploited vulnerabilities in outdated telecom protocols to track individuals' phone locations globally, researchers warn. Two campaigns leveraged weaknesses in SS7 (used for 2G/3G networks) and Diameter (intended for 4G/5G), which lacks universal security implementation. These attacks reveal systemic flaws in global telecom infrastructure, enabling rogue actors to bypass authentication and encryption.

The campaigns targeted 019Mobile (Israel), Tango Networks U.K., and Airtel Jersey (owned by Sure). Researchers found these providers acted as "entry and transit points" for surveillance, allowing vendors to mask their activities. Sure, owner of Airtel Jersey, denied leasing access for tracking but acknowledged past misuse risks, citing monitoring measures. 019Mobile and Tango Networks did not respond to requests for comment.

One campaign used Simjacker-style SMS messages to hijack SIM cards, turning devices into tracking tools without user detection. Another relied on SS7/Diameter flaws to geolocate targets. Experts, including Citizen Lab's Gary Miller, noted these are "just the tip of the iceberg," with millions of similar attacks likely occurring. Miller linked the first campaign to an unnamed Israeli geo-intelligence firm with telecom expertise.

The findings underscore the urgent need for standardized security protocols. While Diameter was designed to replace SS7, inconsistent adoption leaves gaps. Citizen Lab urges telecom providers to enforce authentication and encryption across all networks. As of now, no named governments or vendors have been publicly tied to the campaigns, but the researchers emphasize this is a global, well-funded issue requiring immediate attention.