Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Wednesday 05 July 2023 5:30 am  |  Updated:  Tuesday 04 July 2023 5:09 pm

Our mobile network is unsafe but Ofcom won’t be able to fix it by itself

By: John Hughes

Add as a preferred source on Google
Some of the communication protocols allowing our mobile networks to work date back to the 1970s. (Photo by Brett Carlsen/Getty Images)

Cyber-attacks on mobile phones are dangerous because they exploit the vulnerabilities of the network itself. To stop them, Ofcom needs help from governments and businesses, writes John Hughes

It’s easy to forget the power of the pocket-sized devices we carry on ourselves every day. Our smartphones are our wallets, our identity, and our main communication channel. But a growing group of attackers are acutely aware of how precious all this information is. It’s a one-stop treasure trove of personal data waiting to be stolen, monetised, and weaponised.

Today, there is solid awareness around online security basics like identifying phishing emails and password changing. But very few people are aware of the rise of mobile access brokers.

They’re part of a growing surveillance industry, where mobile access is sold to governments, private companies and sometimes criminals. Attackers can precisely track an individual’s location, intercept text messages, and access personal accounts using two-factor authentication.

Unlike traditional cyber-attacks, the hackers don’t rely on users’ naivety. They target the weaknesses in the very network itself. These ‘access brokers’ exploit vulnerabilities at their core, steal subscriber data, and conduct network reconnaissance to refine their targeting.

The issue lies in communication protocols. These allow mobile networks to ‘talk to each other’, determining how phone calls are routed and billed. The first of these protocols, SS7, dates back to the 1970s. All ensuing protocols, such as Diameter & GTP, must interact and connect with SS7 to ensure SMS delivery and flow of network data. However, weaknesses on SS7 make it easy for access brokers to weaponise mobile networks into geolocating location tracking services and sell this data to the highest bidder.

Notable high-profile attacks in recent years include when fleeing Emirati princess Latifa al-Maktoum was kidnapped at sea, after attempts at trying to geolocate her through her phone in March 2018. In 2021, the web accounts of several wealthy investors in Southeast Asian countries were hacked via SMS hijacking. Last summer there were several attempts to geolocate Mexican journalist Fredid Román’s phone, a day before he was shot dead.

Read more

‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.

The UK Telecommunications (Security) Act 2021 is designed to safeguard mobile operators and subscribers, with new responsibilities and powers being handed to Ofcom. The regulator can compel telecom providers to take specific steps around network security and share information with Ofcom to safeguard UK networks.

Yet, little attention has been paid anywhere in the Act to mobile access brokers. So Ofcom faces serious hurdles in ensuring operators will properly tackle the issue. Before taking any firm action, it will first need to determine how it can assess operators and their capacity for detecting these kinds of security compromises. It will also need to simultaneously establish a framework for accurately reporting threats like unauthorised access, network or service exploits, and data confidentiality compromises, all in line with the new Act.

The government estimates the cost of UK cybercrime to be £27bn per year. Cyber-attacks are also a growing pillar of state espionage and a national security issue. Mobile access brokers have become essential in this space, operating at the frontier of attacker innovation, with hack-for-hire firms offering cutting-edge targeting, tracking, and surveillance capabilities to anyone willing to pay.

Take Andreas Fink, the Swiss telecoms expert. One of Fink’s systems was recently seen in the system used by the Israeli hacker-for-hire and disinformation group Team Jorge as part of their operations, which required access to the global cellular network.

A recent international investigation led by Haaretz revealed that Team Jorge offered mass-social-media manipulation, election interference, even hijacking email, Telegram, and web accounts. More than 20 members of the Israeli crypto community also had their Telegram accounts hacked thanks to Fink’s infrastructure.

To step up to its new role as telecoms cybersecurity regulator, Ofcom needs the right resources and support to develop its knowledge and expertise.

But given the telecoms industry is so inter-connected, with each new generation built on top of the previous one, the issue is larger than any one regulator or the UK alone. Organisations must ensure the right routing and filtering signalling protection is in place. Globally, operators and regulators must cooperate closely to identify these vulnerabilities better as they emerge, armed with the latest threat intelligence.

Read more

4chan ridicules Ofcom again as watchdog chases unpaid £520k fine

Ofcom fines 4chan in regulatory action, highlighting platforms compliance issues and internet governance challenges.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • Opinion

Categories

  • Opinion

Trending Articles

  • Billionaire Easyjet founder in line for £800m payday from takeover

  • The former African gold miner taking on the billionaire Issa brothers

  • Tesco ‘in talks’ to exit eastern Europe

  • Pension pressure to help swell UK debt to three times size of economy

  • As it happened: FTSE 100 slump as oil soars; Trump says Iran will be ‘hit hard’ tonight

More from City PM

  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.
  • 4chan ridicules Ofcom again as watchdog chases unpaid £520k fine

    Tech
    Ofcom fines 4chan in regulatory action, highlighting platforms compliance issues and internet governance challenges.
  • Virgin Media slapped with £28m fine for stopping customers cancelling deals

    Telecoms
    Vans parked at a bustling city intersection surrounded by tall buildings and pedestrians, highlighting urban transportatio...
  • Natwest boss becomes latest City figure caught in AI social media scam

    Banking
    NatWest building exterior with logo, highlighting corporate presence and architecture on a business news website.
  • Darktrace says Anthropic was right to pause Mythos on ‘security and safety’ grounds

    Tech
    Dario Amodei, CEO of Anthropic, speaking at a tech conference podium, wearing a suit and addressing the audience.
  • Airspan Networks Joins Oramach and iVent’s ARES Consortium for European Mission-Critical Communications

    Business Wire
  • ‘Protecting children is right’: Starmer takes on Big Tech with social media ban for under-16s

    Politics
    Keir Starmer speaks in Downing Street
  • How compliance leaders are guarding the truth in the AI era

    Partner
    A still from a news segment titled PAAA7126 MOV 04 37 01 23 showing a significant event or scene relevant to the articles ...

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook