Surveillance – How to secretly track cellphone users position around the globe

Pierluigi Paganini September 18, 2014

Using the proper surveillance systems available on the market it is easy and quick to track cellphone and the movements of targets everywhere on the globe.

We recently discussed the decision of Wikileaks to publish copies of the criticized surveillance software FinFisher, highlighting the dangers for the militarization of the cyberspace and in particular for the use of spyware to track users.
The principal vendors of surveillance platforms defend their business declaring that the solutions are only for law enforcement and intelligence agencies. Unfortunately, the reality is quite different because many threat actors worldwide use surveillance malware to track individual for different reasons.
The Washington Post published an interesting article a few weeks ago on surveillance technology that can be used to track individuals anywhere in the world through the localization of their mobile devices.
The post explains that surveillance vendors using the SS7 protocol, aka Signaling System Number, are able to geo-localize users with great precision.
“The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data.” reports the Washington Post. 

SS7 or Signaling System Number 7 is a protocol suite used by several telecommunications operators to communicate with one another with directing calls, texts, and Internet data. The SS7 protocol allows cell phone carriers to collect location data related to the user’s device from cell phone towers and share it with other carriers, this means that exploiting the SS7 a carrier is able to discover the position of its customer everywhere he is.

The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say,” explains the post.

All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.” continues the Washington post.

Another family of devices sold by companies which provide surveillance solutions are the IMSI catchers, also known by one popular trade name, StingRay. An IMSI catcher (International Mobile Subscriber Identity) is device for telephony eavesdropping commonly  used for intercepting mobile phone traffic and tracking movement of mobile phone users. Essentially, it operates as a bogus mobile cell tower between the target mobile phone and the service provider’s real towers. The IMSI catcher runs a Man In the Middle (MITM) attack that could not be detected by victims using commercial products.
The use of trackers based on the exploitation of the SS7 protocol is recommended with “IMSI catchers,” in fact while SS7 trackers locate the victim the IMSI catchers can be deployed effectively.
StingRays are common surveillance devices that allow are able to intercept calls and Internet traffic, send fake texts, install malware on a phone, and of course, find the precise location of the victim.

What’s interesting about this story is not that the cell phone system can track your location worldwide,”“That makes sense; the system has to know where you are. What’s interesting about this story is that anyone can do it.”  said the popular expert Bruce Schneier.

Privacy advocates are really concerned with possible misuse of such technology, foreign state-sponsored hackers and cyber criminals could use it for illegal activities. Let’s remember that it is illegal in many countries to track individuals without a court order, but there is no clear international legal framework that punishes ill intentioned for secretly tracking people in other countries.

The FCC recently created an internal task force to study the misuse of IMSI catchers in the cybercrime ecosystem and foreign intelligence agencies, which demonstrated that this technology could be used to spy on American citizens, businesses and diplomats.


Don’t forget that government to track us just need to type our phone number into a computer portal, which then collects data about our location, to within a few blocks in an urban area or a few miles in a rural one, from databases maintained by cellular carriers.

The Washington Post made explicit reference to a 24-page marketing brochure for the cellular tracking system sold by Verint codenamed SkyLock. The document, dated January 2013 and labeled “Commercially Confidential,”,  reveals the system offers government agencies “a cost-effective, new approach to obtaining global location information concerning known targets.”

The brochure includes screenshots of maps depicting location tracking in what appears to be Mexico, Nigeria, South Africa, Brazil, Congo, the United Arab Emirates, Zimbabwe and several other countries. Verint says on its Web site that it is “a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk, and compliance,” with clients in “more than 10,000 organizations in over 180 countries.”

As said by Eric King, deputy director of Privacy International:
“Any tin-pot dictator with enough money to buy the system could spy on people anywhere in the world,” “This is a huge problem.”
[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Surveillance, privacy)

[adrotate banner=”12″]

you might also like

leave a comment