Sophisticated phone tracking and surveillance may seem the purview of the National Security Agency and other big government spying agencies, but it’s increasingly becoming available to small-time stalkers around the world. The reason? Surveillance equipment makers are selling the technology across the globe, making it much easier for tin-pot governments – and even criminal gangs – to spy on anyone with a mobile phone, according to a new report in the Washington Post.
What these systems all have in common is their use of mobile carriers’ networks to track your phone’s movements or to sense its location in real time. By tapping into the carriers’ signaling networks, governments and hackers alike can query the location of a particular phone at any time, even if it’s outside the country, according to the Post’s in-depth explanation. A telecom security researcher was able use those techniques to track a Post employee’s location within a square block in Washington, D.C., armed only the employee’s 10-digit AT&T(s t) phone number.
Private companies’ decision to sell such technology to the highest bidder is likely raising hackles among many of you, but you also might be wondering why our mobile carriers are tracking this kind of information in the first place, and why they appear to sharing it with any spook that asks for it.
The answer is a bit complicated. Cellular is basically the ultimate location-based service. While you can opt in or out of location-sharing for any particular app, you can’t turn off network tracking at the most fundamental level. Otherwise your phone calls and data would never reach you.
While a residential phone line always leads to one physical location, the “line” of a mobile phone is basically set up over radio waves every time you place or take a call or send or receive a packet of data. In order to ensure that line is always reachable, your phone is constantly screaming its location to the nearest cell tower. That way YouTube knows exactly to which base station to send your video stream and Verizon(s vz) knows which cell site to route your calls at any given moment.
Not only do networks need to know your location, they need to share it because our phones don’t operate on a single network. They switch between Wi-Fi and cellular, and they roam onto other carriers networks in rural areas and other countries. For AT&T to route your Mom’s call to you while you’re vacationing in France, it needs to know what Orange or SFR cell site you’re connected to, and Orange and SFR readily share that information across interconnected signaling networks.
Basically, in order to create a truly mobile, global and ubiquitous communications system, the telecom industry needed to create a very prying, yet very open system of networks. And as the Post points out those networks are notoriously insecure, allowing anyone with the the right know-how and right equipment to pluck your location within a few blocks radius out of the telecom ether.
The mobile industry could stop a lot of this prying by creating more secure signaling networks and protocols, which today are based on a standard simply called Signaling System No. 7 or SS7. As we move away from old 2G circuit-switched calling networks to new voice-over-LTE systems, we could get networks better protected from unwanted snoopers, but that doesn’t protect us from the many government agencies that are allowed or even invited to monitor networks.
In many parts of the world, telecom networks are owned, controlled or closely tied to the governments under which they operate. And as revelations about the massive amount of data that the NSA collects from American communications and internet companies show, the U.S. is no exception.
We’ve heard the same story retold in different ways before. Technology is spearheading a revolution in communications, but it also raise big implications for privacy. In order for a mobile network to work, it needs to obtain intimate details about your location and share that information with other networks. Otherwise we’d never be able to make a phone call.