Saudi Arabia reportedly tracked phones by using industry-wide carrier weakness

The Guardian says it has evidence that Saudi Arabia is exploiting a decades-old weakness in the global telecoms network to track the kingdom’s citizens as they travel in the United States.

The publication cited data provided by a whistleblower that suggests Saudi Arabia is engaged in systematic spying by abusing Signalling System No. 7. Better known as SS7, it’s a routing protocol that allows cell phone users to connect seamlessly from carrier to carrier as they travel throughout the world. With little built-in security for carriers to verify one another, SS7 has always posed a potential hole that people with access could exploit to track the real-time location of individual users. SS7 abuse also makes it possible for spies to snoop on calls and text messages. More recently, the threat has grown, in part because the number of companies with access to SS7 has grown from a handful to thousands.

The data provided to The Guardian “suggests that millions of secret tracking requests emanated from Saudi Arabia over a four-month period beginning in November 2019,” an article published on Sunday reported. The requests, which appeared to originate from the kingdom’s three largest mobile phone carriers, sought the US location of Saudi-registered phones. The unnamed whistleblower said they knew of no legitimate reason for requests of that volume. “There is no explanation, no other technical reason to do this,” The Guardian quoted the source as saying. “Saudi Arabia is weaponizing mobile technologies.”