Circles, a private surveillance company, spied on texts, calls and locations of phones at the behest of governments in at least 25 countries without hacking the phones directly, according to Citizen Lab, a research group at the University of Toronto.
The revelation only adds to the public’s concern that their smartphones are spying on them.
Circles’ products work by accessing telecommunications companies around the world. The company, which is affiliated with the Israeli tech and spyware firm NSO Group, sells its technology to nation-states, according to the report.
David Evenden, a former U.S. National Security Agency analyst, said confirmation of the existence and capabilities of the snooping system was frightening. He compared Circles’ tools to those that the American government shuttered after leaks from former NSA contractor Edward Snowden.
“I’ve never seen a system like this before in the wild,” Mr. Evenden said. “Its existence at the NSA was enough to violate the privacy concerns and was ‘shutdown.’ The collection of that type of data by governments is pretty scary.”
Circles’ technology relies on a computer protocol used primarily with 2G and 3G mobile networks that lack authentication requirements and allow cyberattackers to make a user’s phone appear to be “roaming,” which is then exploited to track locations, intercept calls and read SMS text messages, according to Citizen Lab.
The researchers used internet scanning to identify where Circles’ technology was deployed and matched the digital fingerprints of Circles’ users to at least 25 countries, including Mexico, Israel and the United Arab Emirates.
In response to questions from The Washington Times, NSO provided a statement attesting to the ethical conduct of Circles, which it described as a sister company but an independent entity.
“CitizenLab’s predetermined agenda means it has once again published a report based on inaccurate assumptions and without a full command of the facts,” it said.
When asked, NSO did not identify alleged inaccurate assumptions or misstated facts.
Citizen Lab disputed the NSO’s criticism.
“Our ‘predetermined agenda’ is to undertake accurate, peer-reviewed evidence-based research,” said Ron Deibert, Citizen Lab director. “NSO, Circles and other companies try to deflect from the facts because they are highly inconvenient to them. Impugning our motives is a transparently obvious (but ultimately ineffective and inaccurate) way to respond.”
The Citizen Lab report alleged that all U.S. wireless networks are vulnerable to the exploits used by Circles and pointed to a 2017 Department of Homeland Security report to support its claim.
DHS’ Cybersecurity and Infrastructure Security Agency told The Washington Times it works with major telecommunications companies to mitigate cyber risks to cellular networks, including via its participation in the Communications Security, Reliability and Interoperability Council.
“We encourage all Americans to follow the same basic cybersecurity and privacy practices on their phones as they would on a computer, including keeping software up to date and considering using apps that encrypt their communications,” a CISA spokesperson said.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.