The Guardian says there is evidence that Saudi Arabia is exploiting decades of weakness in the global telecommunications network to persecute the Kingdom's citizens on their trips to the United States.
Data cited in the publication provided by a whistleblower, suggesting that Saudi Arabia is systematically spying by misusing signaling system No. 7. Better known as SS7, it is a routing protocol that enables mobile phone users to seamlessly connect from mobile operator to mobile operator throughout their journey. With little built-in security for network operators to verify each other, SS7 has always posed a potential hole that people with access could exploit to track real-time location of individual users. SS7 abuse also enables spies to track calls and text messages. The threat has increased recently, not least because the number of companies with SS7 access has increased from a handful to thousands.
The data provided to The Guardian "indicates that millions of secret persecution requests came from Saudi Arabia over a four-month period starting in November 2019," an article published on Sunday reported. Inquiries, which appeared to come from the kingdom's three largest mobile operators, sought the US location of phones registered in Saudi Arabia.
The nameless whistleblower said he had no legitimate reason to inquire about this volume. "There is no explanation, no other technical reason for it," the Guardian quoted the source. "Saudi Arabia arms mobile technologies."
The whistleblower's data appears to show that Saudi Arabia is sending unnamed key U.S. mobile operator requests for PSI – short for Provide Subscriber Information. According to the Sunday report, there were an average of 2.3 million such requests per month in the four months from November. The data, according to The Guardian, suggest that Saudi Arabian phones were tracked up to 13 times an hour when their owners transported them in the U.S. The Saudi operators have also sent separate PSLs. US airlines blocked the requests, saying the requests were suspicious.
System break potential
Les Goldsmith, a researcher at ESD security company in Las Vegas, told me that the volume reported by The Guardian has the potential to damage the systems used by the cellular operator being polled.
"Executing so many requests for broadcast media data from a network operator could actually cause the network operator's visiting location register (VLR) or even the network operator's home location register (HLR) to crash," he said. "In essence, over-tracking by Saudi Arabia might have been able to dissuade legitimate users from a US mobile operator when HLR and VLR were reset."
The Guardian, meanwhile, cited a mobile security expert who reviewed the data and said the requests had the ability to track the owners up to hundreds of meters in a city on a map. Several other experts said the requests indicated systematic espionage on the part of Saudi Arabia.
In a statement, AT&T representatives wrote, "We have security controls to block location tracking messages from roaming partners." Representatives from T-Mobile and Verizon did not respond to a request to comment on this post. It will be updated later when companies respond.
SS7 works largely with an honor system, although some airlines are currently taking measures to better cordon it off. Given the current functioning of cellular networks, cell phone owners can do little to prevent persecution from misuse of SS7. Users can turn off phones to temporarily prevent tracking, but even then, enemies can find out the location immediately before turning off the device and get the location when it is turned on later.