Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday April 01 2020, @10:23AM   Printer-friendly
from the spy-vs-spy dept.

Saudi Arabia may be spying on its citizens via US mobile networks:

Data shared by a whistleblower suggests Saudi Arabia may be using a weakness in mobile telecom networks to track its citizens in the US, The Guardian reports. The data shows that over a four-month period, Saudi Arabia's three biggest mobile phone companies sent 2.3 million requests for Provider Subscriber Information (PSI). Normally, that data is used to help foreign operators register roaming charges, but the high volume of requests could also give the Saudi telecoms enough info to track users within hundreds of meters of accuracy.

This takes advantage of long-standing vulnerabilities in a global messaging system called SS7, which routes mobile calls when a user from one country is traveling in another. According to the data shared with The Guardian, the Saudi telecoms sent millions of these PSI SS7 requests to US carriers, including AT&T, T-Mobile and Verizon (Engadget&aposs parent company) between November 2019 and March 1st -- sometimes requesting data as often as two to 13 times per hour.

It isn't clear if the Saudi telecoms were spying on behalf of the government, but the kingdom doesn't have the best track record. Earlier this year, The Guardian reported that Amazon's Jeff Bezos's phone was hacked via a WhatsApp message from the personal account of Prince Mohammed. Twitter has banned thousands of accounts linked with a state-backed effort to promote the Saudi government's message, and the Department of Justice has charged former Twitter employees with spying for Saudi Arabia.

Saudi Arabia reportedly tracked phones by using industry-wide carrier weakness:

[...]

The Guardian says it has evidence that Saudi Arabia is exploiting a decades-old weakness in the global telecoms network to track the kingdom's citizens as they travel in the United States.

The publication cited data provided by a whistleblower that suggests Saudi Arabia is engaged in systematic spying by abusing Signalling System No. 7. Better known as SS7, it's a routing protocol that allows cell phone users to connect seamlessly from carrier to carrier as they travel throughout the world. With little built-in security for carriers to verify one another, SS7 has always posed a potential hole that people with access could exploit to track the real-time location of individual users. SS7 abuse also makes it possible for spies to snoop on calls and text messages. More recently, the threat has grown, in part because the number of companies with access to SS7 has grown from a handful to thousands.

The data provided to The Guardian "suggests that millions of secret tracking requests emanated from Saudi Arabia over a four-month period beginning in November 2019," an article published on Sunday reported. The requests, which appeared to originate from the kingdom's three largest mobile phone carriers, sought the US location of Saudi-registered phones.

The whistleblower's data appears to show Saudi Arabia sending an unnamed major US mobile operator requests for PSI—short for Provide Subscriber Information. Sunday's report said there were an average of 2.3 million such requests per month for the four months starting in November. The data, The Guardian said, suggests that Saudi Arabian phones were tracked as many as 13 times per hour as their owners carried them about the United States. The Saudi operators also sent separate PSLs. US carriers blocked the requests, indicating that the requests were suspicious.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by linkdude64 on Wednesday April 01 2020, @11:30AM (3 children)

    by linkdude64 (5482) on Wednesday April 01 2020, @11:30AM (#977997)

    Only WE are allowed to do that to our citizens!!!

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 1, Touché) by Anonymous Coward on Wednesday April 01 2020, @03:16PM (1 child)

    by Anonymous Coward on Wednesday April 01 2020, @03:16PM (#978051)

    Saudi Arabia, unlike the US, doesn't have "citizens". People from Saudi Arabia are properly called "subjects". As we all know, subjects exist for the amusement of royalty.

    • (Score: 0) by Anonymous Coward on Wednesday April 01 2020, @08:51PM

      by Anonymous Coward on Wednesday April 01 2020, @08:51PM (#978155)

      And beware the day when the royals are _not_ amused.

  • (Score: 2) by driverless on Friday April 03 2020, @02:12AM

    by driverless (4770) on Friday April 03 2020, @02:12AM (#978534)

    It also seems like a red herring, you don't need to use some random SS7 vulns when every cell tower tracks the location of every phone in real time, and that info is accessible to anyone with appropriate access. I cannot imagine the a totalitarian regime like the Saudi Government hasn't had front-door real-time access to all this data from the minute the systems were installed. In the US, not only does the government have access to it, you even can buy it commercially from a range of companies offering "mobility insights" and similar euphemisms.