Flaws in the mobile networks of large US carriers have allowed foreign governments and other telcos to spy on users, according to a whistleblower.
The Guardian reported that flaws present in the SS7 (Signalling System 7) are being exploited by Saudi Arabia to track the movement of its citizens in the United States, as evidenced by a large data cache, which lists millions of locations visited since November.
The requests to track the locations were made by three of Saudi Arabia's largest cell carriers, which has led some to believe the government is responsible.
“Such requests are legitimately used to help foreign operators register roaming charges,” the Guardian writes. “But excessive use of such messages is known in the mobile telecoms industry to be indicative of location tracking.”
SS7 is a set of telephony protocols first introduced in 1975. It allows telco providers to route calls and messages between different providers, even when the user is abroad.
Flaws were discovered in the protocols four years ago, yet it appears carriers have done almost nothing to remedy the vulnerabilities.