Citizen Lab says surveillance vendors abused telecom networks to track phone users

Citizen Lab says two surveillance campaigns used weaknesses in global telecom infrastructure to track people through their phones, according to a report first covered by TechCrunch on April 23. The researchers say the operators abused SS7 and Diameter signaling access, and in one case used silent SMS commands, to turn mobile networks into location-tracking systems.

The important part is not that SS7 is old news. It is that the same class of surveillance is still working across modern networks because carriers do not always implement the protections that newer systems were supposed to add. That keeps a long-running privacy problem alive even as operators market 4G and 5G as more secure successors.

According to TechCrunch's reporting on the Citizen Lab findings, the operators posed as legitimate telecom businesses or hid behind carrier infrastructure to run the campaigns. The report says three telecom providers repeatedly appeared as entry or transit points: 019Mobile in Israel, Tango Networks U.K., and Airtel Jersey, now owned by Sure. Sure told TechCrunch it does not knowingly provide signaling access for tracking people and said it monitors and blocks misuse.

Citizen Lab also says one campaign mixed older SS7 abuse with fallback attempts against Diameter, while another targeted a high-profile victim with SIMjacker-style silent SMS messages that communicate directly with a SIM card without appearing in the user interface. Researcher Gary Miller told TechCrunch that he has seen thousands of similar attacks over the years and described the two cases as only a small sample of a much larger global problem.

That matters well beyond the surveillance industry. If signaling access can still be rented, resold, or misused through intermediaries, telecom trust becomes a supply-chain problem rather than a bug in one network. For readers, the practical takeaway is sobering: phone number-based location privacy still depends heavily on carrier security decisions that users cannot inspect or control. As first reported by TechCrunch, the Citizen Lab findings are another reminder that telecom modernization has not closed the gap between mobile convenience and surveillance risk.