Saudis in US snooped on via flaw in wireless network protocol
Image credit: Pexels
Powerful Saudi actors have been exploiting a mobile network protocol flaw in order to snoop on its citizens in the US, a Guardian report has found.
The suspected surveillance campaign made use of a vulnerability in the Signalling System No.7 (SS7) network protocol, which is used by network operators around the world. The protocol allows operability between networks (i.e. it allows users to communicate with customers of other mobile network operators and enables roaming).
Experts have warned for years that vulnerabilities in the protocol allow attackers with privileged access – almost always governments or the network operators themselves – to read SMS messages, listen in to calls and track approximate location (to within hundreds of feet) via operator triangulation. This can be achieved by making requests to “provide subscriber information”.
While these requests are usually entirely benign, such as to ensure that a customer is being billed correctly while roaming, an excessive number of requests points to suspicious behaviour.
A whistleblower told the Guardian that millions of secret requests originating from Saudi Arabia in the four months beginning November 2019 were made with the intent to track Saudi citizens with Saudi-registered phones in the US. According to the whistleblower, an average of 2.3 million requests were made every month by Saudi Arabia’s three largest mobile network operators.
Security experts said that these millions of requests pointed strongly towards a surveillance campaign by Saudi Arabian actors, although it cannot be confirmed that the Saudi government is involved. Former Obama-era National Security Council member Andrew Miller told the Guardian that Saudi Arabia likely wants to keep track of its citizens' activities abroad, given the risk that their loyalties may “deviate from the Saudi leadership”.
After years of warnings - and some high-profile cases of exploitation of vulnerabilities in the SS7 protocol - pressure is likely to mount further on US carriers and their regulator, the Federal Communications Commission (FCC), to ensure that their networks cannot be exploited for malicious purposes such as fraud and surveillance. The FCC has “encouraged” network operators to improve the security of their SS7 systems by monitoring their networks and installing firewalls, although it has not taken stricter enforcement action.
Ron Wyden, a Democratic Senator, member of the Senate Intelligence Committee and high-profile tech hawk, said: “I’ve been raising the alarm about security flaws in US phone networks for years, but FCC chairman Ajit Pai has made it clear he doesn’t want to regulate the carriers or force them to secure their networks from foreign government hackers. Because of his inaction, if this report is true, an authoritarian government may be reaching into American wireless networks to track people inside our country.”
Earlier this year, an investigation concluded that Amazon founder and CEO Jeff Bezos had his personal phone hacked via a WhatsApp message from Saudi Crown Prince Mohammed bin Salman (the Saudi government has dismissed the claim as “absurd”), while in 2019 two former Twitter employees were charged with spying on critics of the Saudi government, having been planted by the Saudi government.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.