SS7 <\/a>for surveillance purposes. SS7 was originally designed to route calls and text messages, enable international roaming, and connect different mobile operators.<\/p>\n![\"d\"](\"https:\/\/www.europesays.com\/iran\/wp-content\/uploads\/2026\/05\/how-eng-desktop.webp\")
Close<\/p>\n
British regulators banned the practice last week in an effort to crack down on tracking spyware, after more than a decade of investigative reporting on its abuse, calling the practice the largest source of malicious traffic to mobile networks.<\/p>\n
Moreover, Citizen Lab’s findings show that newer signalling systems \u2013 introduced to strengthen security measures \u2013 are being similarly exploited by spyware firms, despite being designed to mitigate security risks and prevent surveillance.<\/p>\n
One example is Diameter, a mobile network system that handles 4G international roaming and most 5G networks, designed to streamline cellular connectivity to the internet, which was now shown to be susceptible to tracking spyware.<\/p>\n
Related Articles<\/p>\n
In the first operation uncovered by Citizen Lab, researchers logged more than 500 location-tracking attempts between November 2022 and 2025 across Thailand, South Africa, Norway, Bangladesh, Malaysia and several other African countries. The investigation began with a single subscriber: a Middle East businessman tracked methodically over four hours in an episode that opened the door to the broader pattern researchers later mapped: a company querying the international phone system on behalf of clients to follow targets.<\/p>\n
An Israeli carrier, 019Mobile, was used in the operation. According to information obtained by Haaretz, dozens of separate tracking attempts appear to have passed through 019’s servers – requests that did not look like legitimate communications but like surveillance. Every mobile network has a unique address \u2013 similar to a website address \u2013 that other telecom companies use to route calls and data traffic. Citizen Lab found that addresses registered to 019 were used to send location-tracking requests through Partner Communications, whose infrastructure 019 relies on. Another route passed through Exelera Telecom, an Israeli company that provides cloud and communications services, including an international undersea fiber-optic cable. Exelera did not respond to Haaretz’s request for comment.<\/p>\n
019Mobile’s head of security, Gil Nagar, denied any involvement, writing that the company is a virtual operator, selling service over another carrier’s network without running its own, and has no roaming agreements with foreign carriers. He said messages sent in its name would have been “rejected” in any case. Citizen Lab says whoever is behind the operation may have forged 019’s identity to gain access.<\/p>\n
Although the Canadian researchers do not publicize the vendors behind the operations, they do flag several potential suspects – among them Cognyte, an Israeli-American company that provides similar services to government clients.<\/p>\n
Haaretz PodcastHow a Haaretz investigation into stolen Ukrainian wheat triggered a diplomatic crisis<\/p>\n
play<\/p>\n
Haaretz Podcast<\/p>\n
How a Haaretz investigation into stolen Ukrainian wheat triggered a diplomatic crisis<\/p>\n
Volume: 0.5<\/p>\n
X1<\/p>\n
total– : –time0:00<\/p>\n
fast forward15<\/p>\n
play<\/p>\n
rewind15<\/p>\n
Internal files obtained by Haaretz show that Cognyte’s parent company, Verint, sold a product called SkyLock – an SS7-based tracking tool – to a government client in the Democratic Republic of Congo.<\/p>\n
SkyLock uses the old roaming system to locate devices anywhere in the world. The files also show the company’s commercial ties with operators in Thailand, Malaysia, Indonesia, Vietnam and Congo – some of the same countries where the first tracking campaign was later identified. One of those operators, AIS Thailand, also appears as a source of traffic in that campaign.<\/p>\n
Another operation is attributed to Fink Telecom Services<\/a> \u2013 a Swiss company exposed by Haaretz and Lighthouse Reports in 2023 for supplying SS7-based tracking capabilities to surveillance firms, allowing them to ping the mobile network as if they were mobile providers. <\/p>\n![\"Russian](\"https:\/\/www.europesays.com\/iran\/wp-content\/uploads\/2026\/05\/hcjfw8oawaqhhbn.jfif.jpeg\")
Haaretz national security<\/p>\n
Researchers say that newer mobile infrastructure, meant to prevent exactly this kind of abuse, is being exploited in a very similar way as the older system it was supposed to render obsolete. In fact, it shows how both the old and new signaling systems are being used in tandem to try to find people.<\/p>\n
One method includes deploying a technique that exploits vulnerabilities in SIM cards, showing how the firms and ghost operators are adapting their surveillance methods as telecom infrastructure evolves. The target phone receives a hidden text message containing a secret command that prompts the SIM card to transmit the device’s location \u2013 without the user’s knowledge and without leaving any visible trace on the phone.<\/p>\n
Citizen Lab identified more than 15,700 such tracking attempts since late 2022. When Haaretz and Lighthouse Reports exposed Fink’s activity in 2023, it did not yet employ this technique, known as SIMjacking.<\/p>\n
Fink, Exelera Telecom, and Verint\/Cognyte did not respond. Partner told Haaretz that the company “has no connection to the current case and any attempt to link its name to it is mistaken.”<\/p>\n","protected":false},"excerpt":{"rendered":"Israeli telecom infrastructure was used to track citizens in more than ten countries over the past three years,…\n","protected":false},"author":2,"featured_media":95574,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[2241,37],"class_list":{"0":"post-95573","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-israel","8":"tag-cyber-warfare","9":"tag-israel"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@iran\/116510726894515701","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/posts\/95573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/comments?post=95573"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/posts\/95573\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/media\/95574"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/media?parent=95573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/categories?post=95573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/iran\/wp-json\/wp\/v2\/tags?post=95573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}