Citizen Lab finds two SS7/Diameter spying schemes

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Citizen Lab uncovered two covert spying campaigns that exploit weaknesses in the SS7 and Diameter protocols to track mobile phone locations across 2G, 3G, 4G, and 5G networks.
- Surveillance vendors are identified as the actors leveraging private operator networks and commercial surveillance tools to conduct the location tracking.
- Invisible SMS messages are used by the campaigns, masquerading as trusted telecom operators to harvest location data without user awareness.
- Ghost Operators is the name given to one campaign that tracks users worldwide and can remain undetected for years.
- UK regulator closed a loophole that previously allowed rogue companies to track phone users' location.
- VPNs are ineffective against this SIM flaw because the tracking occurs at the network level, not the device level.
- SS7 and Diameter vulnerabilities are well‑known and span multiple generations of cellular technology.
Why it matters: The campaigns give surveillance vendors unprecedented, network‑level access to individuals’ real‑time locations, while ordinary mobile users lose privacy that cannot be restored by VPNs. The UK regulator’s loophole closure marks a rare policy response, but the global scale of the exploits leaves most users exposed.



