Security researchers have uncovered two separate spy campaigns exploiting vulnerabilities in global phone networks. These campaigns, likely just a small glimpse of a larger issue, reveal how easily governments and tech companies can access your location data without consent.

The flaws lie within protocols like Signaling System 7 (SS7) and Diameter. Despite efforts to improve security with Diameter for newer networks, SS7’s inherent vulnerabilities still allow rogue operators to abuse these systems. Telecom providers such as 019Mobile and Tango Networks have been implicated in these campaigns.

These vendors operate as ‘ghost’ companies, pretending to be legitimate cellular providers. They gain access through specific telecom networks, allowing them to hide behind infrastructure to track their targets without being detected. The third provider, Airtel Jersey, is also linked to prior surveillance activities, raising further concerns about network security.

The research highlights a deliberate and well-funded operation with deep integration into the mobile signaling ecosystem. While some companies like Sure have taken steps to mitigate misuse, the scale of this problem suggests widespread exploitation remains a significant threat to privacy.