Citizen Lab Reveals Two Global Telecom Surveillance Campaigns Targeting High‑Profile Users
Why It Matters
The exposure of coordinated SS7/Diameter attacks demonstrates that even well‑established telecom protocols remain exploitable by sophisticated state‑linked actors. For businesses and individuals, the risk translates into real‑world location tracking, potentially compromising corporate secrets, diplomatic communications, and personal safety. Moreover, the findings pressure regulators to revisit legacy security assumptions and push operators toward modern, authenticated signalling stacks. If left unaddressed, these vulnerabilities could erode trust in mobile communications, hinder cross‑border commerce, and embolden adversaries to expand surveillance campaigns. The report therefore serves as a catalyst for industry‑wide reforms, encouraging the adoption of hardened signalling architectures and international cooperation on threat intelligence sharing.
Key Takeaways
- Citizen Lab identified two covert surveillance campaigns using SS7/Diameter signaling in Nov 2024 and early 2025.
- Both operations targeted high‑value mobile subscribers across 3G and 4G networks in Israel, the UK and the Channel Islands.
- Collaboration with Cellusys, Telenor Linx, Roaming Audit and P1 Security enabled multi‑source attribution of the attacks.
- The findings highlight systemic weaknesses in the global telecom trust model that enable state‑linked location tracking.
- Report calls for stronger authentication, real‑time anomaly detection and international regulatory coordination.
Pulse Analysis
The Citizen Lab disclosures arrive at a pivotal moment for telecom security. Legacy signalling protocols like SS7 were designed in an era of limited inter‑operator trust, and their continued use in a hyper‑connected world creates a blind spot that nation‑state actors can exploit with relative ease. While the industry has begun to adopt newer standards—such as Diameter for LTE and upcoming 5G core security enhancements—the transition is uneven, leaving a patchwork of vulnerable nodes.
Historically, major breaches (e.g., the 2015 SS7 exploits that allowed interception of calls and texts) prompted incremental hardening, but the lack of a unified global enforcement mechanism has meant that many operators still run legacy stacks. The Citizen Lab report underscores that the problem is not merely technical; it is also political. The identified infrastructure resides in jurisdictions with differing regulatory appetites for surveillance, complicating any coordinated response.
From a market perspective, operators that proactively invest in signalling security can differentiate themselves, especially as enterprises demand higher privacy guarantees for mobile‑first workforces. Conversely, failure to address these gaps could invite stricter government mandates or even sanctions, as regulators worldwide become more vigilant about cross‑border data protection. The upcoming rollout of 5G core networks offers a window of opportunity: embedding robust authentication and encryption at the design stage could future‑proof networks against the type of covert tracking detailed in the report. However, this will require substantial capital expenditure and cross‑industry collaboration, something that has historically been slow to materialize.
In short, the revelations are a wake‑up call that the telecom ecosystem’s foundational trust model is under siege. Stakeholders—from network operators to policymakers—must treat signalling security as a critical component of national security, not an afterthought.