Guardian report: Saudi Arabia exploits a loophole on global communications networks to spy on its citizens

A Guardian newspaper report revealed that the Saudi authorities exploit the weaknesses of the global mobile communications network to track their citizens while traveling throughout the United States, where the newspaper obtained many violations that show millions of secret tracking requests from one of its sources.

According to experts, the data disclosed to the newspaper by detectives reveals weaknesses in the global communication protocol called "SS7" and used in a systematic spying campaign by the Saudi government.

This is the latest tactic by the Saudi government to spy on its citizens abroad, as the kingdom has faced accusations of using powerful mobile spy software to penetrate the phones of dissidents and activists to monitor their activities, including those close to the journalist Jamal Khashoggi who was killed by Saudi government agents at the kingdom's embassy in Istanbul. . In addition, the kingdom was accused of planting spies on Twitter to monitor critics of the regime.

The dangerous thing about this tactic is that it does not target opponents but rather Saudi citizens who travel around the world, especially the United States, where the Guardian obtained data tracking sites for millions of Saudi citizens over the past four months since last November.

The report says that the site tracking requests were submitted by the three largest Saudi cellular companies - namely Saudi Telecom, Mobily and Zain, and it is believed that these requests are from the Saudi government - by exploiting the weaknesses of the SS7 protocol.

How does SS7 follow you?
The "SS7" protocol is a set of protocols for phones that were developed in 1975, and they are the protocols responsible for directing all services related to phone calls and many other services such as text messages (SMS), and it is considered one of the most popular protocols for signal and is widely used with systems. Ground communications.

The importance of this protocol lies in its ability to allow customers of different telecom companies to communicate with each other easily even when they are outside their countries.

In other words, a customer can call a Vodafone network phone, or send a friend on the Zain network even when he is in another country, which is known as the International Roaming Service. But experts say that the system’s weak point is the telecom companies themselves and the governments controlling them, as this protocol allows telecom companies to track the location of the devices to a few hundred feet even when they are in another country or a foreign network by submitting a request to “provide subscriber information.”

These "subscriber information requests" typically aim to ensure that a foreign network user is properly billed to their original network, which is normal, but requests made in large and redundant quantities can indicate a monitoring process for these people.

The attention of the experts drew the number of huge and continuous tracking requests that appear to be issued by Saudi telecom companies through which they seek to locate their subscribers once they enter the United States.

The amount of tracking requests from the Saudis is terrifying and terrifying
Guardian newspaper source data shows that the tracking requests from Saudi Arabia from America's main mobile operator are awesome.

The three largest Saudi mobile operators - Saudi Telecom, Mobily and Zain - have sent an average of 2.3 million tracking requests to an American mobile operator every month from November 1, 2019 to March 1, 2020. Experts say tracking Saudi mobile phones during Its transportation across the United States occurred two to 13 times an hour, allowing the operator to know the movement of the user on the map with an accuracy of hundreds of meters within the city.

Experts confirm that monitoring includes citizens
Syed Rao, researcher and technologist in security and privacy at Nokia Bell laboratories, told the Guardian newspaper that he believed the data indicated that it was "very likely" that the Saudis had participated in a surveillance campaign based on the volume of site information requests for users.

Rao added that it may be difficult to determine the number of PSI messages that can be considered normal, but the additional data provided by Guardian sources made him very confident that the requests were not legitimate.

For example, it appears that one of the Saudi operators also sent separate site requests - known as "PSL" which means subscriber provision - and these requests have been blocked by mobile phone operators in the United States due to privacy violation laws, which Indicates suspicious activity.

John Scott Rilton, a senior researcher at the Citizen Laboratory at the Monk School at the University of Toronto, said the data the Guardian saw appeared to show that foreign telecom companies were "grossly misusing" the US cellular network to track people who move around the country.

"At this moment in the crisis, phone companies, regulators and the Ministry of Justice should step in to prevent foreign powers from tracking us on our phones," he added.

The Guardian asked for comments from the three largest US mobile operators - T-Mobile, AT&T and Verizon - and asked companies whether they allowed tracking requests to be sent. Subscriber information for site tracking purposes.

T-Mobile and Verizon were not commented. AT&T said: We have security controls to prohibit location tracking messages from roaming partners.

"The malicious attackers" take advantage of the vulnerabilities of the SS7 protocol, "Ron Wyden, an Oregon Democrat on the Senate Intelligence Committee, said in a letter to the US Communications Regulatory Authority.

He claimed that the FCC failed to act on the basis of these warnings, and blamed FCC Chairman Ajit Pai for not regulating US telecom companies.

"Because of Bay's failure, if this report is true, an authoritarian government may reach US wireless networks to track down people inside our country," Widen said in a statement to the Guardian.

The data the Guardian saw did not identify the Saudi mobile phone users being tracked.

Andrew Miller, an expert and former member of Barack Obama's National Security Council, said the observation is part of the way the kingdom works. "I think they are watching not only those who know they are defectors, but those who fear they might deviate from the Saudi leadership," he said.