Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US, according to a whistleblower who has shown the Guardian millions of alleged secret tracking requests.
Data revealed by the whistleblower, who is seeking to expose vulnerabilities in a global messaging system called SS7, appears to suggest a systematic spying campaign by the kingdom, according to experts.
The data suggests that millions of secret tracking requests emanated from Saudi Arabia over a four-month period beginning in November 2019.
The tracking requests, which sought to establish the US location of Saudi-registered phones, appeared to originate from Saudi’s three biggest mobile phone companies. The whistleblower said they were unable to find any legitimate reason for the high volume of the requests for location information. “There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies,” the whistleblower claimed.
The data leaked by the whistleblower was also seen by telecommunications and security experts, who confirmed they too believed it was indicative of a surveillance campaign by Saudi Arabia.
The data shows requests for mobile phone location data that were routed through the decades-old SS7 global messaging system, which allows mobile operators to connect users around the world. For example, a mobile user from the US travelling in Germany and seeking to make a call back to the US is connected through the SS7 network.
The SS7 system also enables tracking of phones, which has been a cause for concern among security experts. When a US carrier – such as Verizon, T-Mobile or AT&T – receives what is known as a Provide Subscriber Information SS7 message (or PSI) from a foreign mobile phone operator, it is getting, in effect, a tracking request.
Such requests are legitimately used to help foreign operators register roaming charges. But excessive use of such messages is known in the mobile telecoms industry to be indicative of location tracking.
Experts expressed alarm at the tracking request data because of the apparently persistent high frequency of the requests that appeared to be emanating from Saudi operators seeking to locate their subscribers once they entered the US.
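As an added illustration, not part of the original report and not based on the leaked data, the sketch below shows how a receiving carrier could separate occasional PSI requests from persistently frequent ones by counting requests per foreign operator and subscriber in a sliding window. The record layout, the operator and subscriber labels, the one-hour window and the threshold of three are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not taken from the leaked data.
# Assumed layout: ISO timestamp, requesting operator, SS7 message type, subscriber.
SAMPLE_LOG = """\
2019-11-01T10:00:00 OPERATOR-A PSI SUB-001
2019-11-01T10:00:00 OPERATOR-A PSI SUB-002
2019-11-01T10:05:00 OPERATOR-A OTHER SUB-001
2019-11-01T10:10:00 OPERATOR-A PSI SUB-001
2019-11-01T10:20:00 OPERATOR-A PSI SUB-001
2019-11-01T10:30:00 OPERATOR-A PSI SUB-001
2019-11-01T10:40:00 OPERATOR-A PSI SUB-001
2019-11-01T13:00:00 OPERATOR-A PSI SUB-002
2019-11-01T09:00:00 OPERATOR-B PSI SUB-003
2019-11-01T09:30:00 OPERATOR-B PSI SUB-003
2019-11-01T10:00:00 OPERATOR-B PSI SUB-003
2019-11-01T10:30:00 OPERATOR-B PSI SUB-003
"""

def parse_records(log_text):
    """Yield (timestamp, operator, message_type, subscriber), skipping blank lines."""
    for line in log_text.splitlines():
        if line.strip():
            ts, operator, msg_type, subscriber = line.split()
            yield datetime.fromisoformat(ts), operator, msg_type, subscriber

def flag_excessive_psi(log_text, window=timedelta(hours=1), threshold=3):
    """Return {(operator, subscriber): peak PSI count in any window} for pairs
    whose count exceeds `threshold`. Window and threshold are assumed values."""
    recent = defaultdict(deque)  # PSI timestamps still inside the sliding window
    peaks = {}
    for ts, operator, msg_type, subscriber in sorted(parse_records(log_text)):
        if msg_type != "PSI":
            continue  # only Provide Subscriber Information counts as a tracking request
        key = (operator, subscriber)
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] >= window:  # drop requests older than the window
            seen.popleft()
        if len(seen) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(seen))
    return peaks

if __name__ == "__main__":
    for (operator, subscriber), peak in flag_excessive_psi(SAMPLE_LOG).items():
        print(f"{operator} sent {peak} PSI requests for {subscriber} within one hour")
```

On the constructed sample, only the subscriber queried five times in 40 minutes is flagged; the subscriber queried twice in three hours and the one queried every half hour stay below the assumed threshold.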
It is not known whether the Saudi mobile operators that were requesting large amounts of location tracking data about their subscribers were knowingly complicit in any government-run surveillance programme.
However, it has already been widely reported that the Saudi government uses cyberweapons to hack dissidents and critics of the kingdom’s crown prince, Mohammed bin Salman. In January the Guardian revealed that the Amazon billionaire Jeff Bezos’s mobile phone was “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of Prince Mohammed.