Last November, two Twitter employees in the US were charged for allegedly spying for Saudi Arabia. Now, the Arab nation is using flaws in telecommunications network infrastructure to snoop on its own citizens traveling abroad.
A whistleblower told The Guardian that millions of secret requests originated from Saudi Arabia were made for tracking folks traveling in the US with Saudi-registered phones. These requests started in November 2019 and continued for the next four months; the whistleblower suggested an average of 2.3 million requests were made per month.
The report noted that these efforts take advantage of a vulnerability in the Signalling System No.7 (SS7) network protocol. SS7 allows internetwork operability, enabling you to communicate with someone who’s using another mobile carrier. Plus, it also enables roaming in an area where your network provider doesn’t offer its service.
Using a flaw in SS7, a cybercriminal can look at your texts and listen to your calls. Moreover, they can also determine your location within hundreds of feet using network triangulation. Carriers have to make a “provide subscriber information” (PSI) request to obtain this data. It’s common practice for carriers to make these requests — especially when you’re using roaming services in another country — to check if you’re being billed correctly.
However, security and network experts who looked at the tracking request data told The Guardian that the number of requests and the nature of the information collected points towards a snooping campaign by Saudi Arabia. However, it’s not known that Saudi carriers that made such requests were complicit with the government.
Andrew Miller, a former member of Barack Obama’s National Security Council, and an expert on Middle Eastern affairs, told The Guardian that with this campaign, Saudi Arabia likely wants to keep a tab on its citizens’ activities in western countries, as the kingdom may fear those people “may deviate from the Saudi leadership.”
Earlier this year, an investigation revealed that Saudi Arabian prince Mohammed bin Salman might be behind the of hacking Amazon founder Jeff Bezos’ phone. So, if this new report is found to be true, it might hurt the relationship between the two countries.