SURVEILLANCE VENDORS ABUSE TELECOM ACCESS TO TRACK PHONES

The Citizen Lab's investigation uncovered a significant security breach in how telecom operators manage third-party access to their networks. Two separate surveillance vendors gained unauthorized ability to track individuals' real-time locations by leveraging their connection to the cellular backbone infrastructure. The research reveals how location data—typically restricted to authorized carriers and emergency services—became accessible to commercial surveillance firms. These vendors exploited legitimate telecom partnerships to perform location tracking on several victims globally, raising critical questions about access controls and operator oversight. Cellular networks maintain complex systems that allow authorized parties to query location information for legitimate purposes. However, this investigation demonstrates vendors bypassed standard restrictions to conduct surveillance operations beyond their authorized scope. The Citizen Lab did not disclose the specific vendors or victims involved, citing security concerns. The organization has reported findings to affected telecom operators and relevant authorities. This discovery highlights vulnerabilities in telecom infrastructure that extends beyond typical cybersecurity concerns. Location data represents one of the most sensitive forms of personal information, capable of revealing patterns about individuals' movements, relationships, and daily routines. Telecom operators worldwide face renewed pressure to audit third-party access and implement stronger controls over location data. The incident underscores the gap between technical capabilities built into networks and the safeguards designed to protect against misuse. Experts note that telecom operators often grant access to various commercial and government entities for legitimate services, including emergency response and fraud prevention. This investigation suggests current verification and monitoring systems are insufficient to prevent abuse. The findings add to mounting concerns about location tracking infrastructure. Previous research has documented how location data obtained through cellular networks can be weaponized against activists, journalists, and vulnerable populations.