April 23, 2026
Find My Phone goes full villain
Surveillance vendors caught abusing access to telcos to track people's locations
Ghost phone companies, real-life stalking, and a global freak‑out
TLDR: Citizen Lab says fake “ghost” companies tapped into real carriers and old network loopholes to locate people, even high-profile targets. Commenters are enraged—sharing stalking stories, warning of state testing in conflict zones, and arguing whether telcos or governments should pay—served with gallows humor about our phones snitching on us.
The internet is melting down over a new Citizen Lab report: surveillance vendors allegedly posed as fake “ghost” carriers to hitch a ride on real phone networks and ping people’s locations. The researchers say the schemes abused weak spots in the old plumbing of telecoms—SS7 (the ancient call-routing rules) and even bits of the newer Diameter (the 4G/5G version), especially when carriers don’t switch on all the protections. Named in the report: 019Mobile in Israel, Tango Networks U.K., and Airtel Jersey (now under Sure). Sure told TechCrunch it doesn’t knowingly lease this access and claims it blocks abuse; the others stayed quiet. Targets? Reportedly “high-profile” people—cue the paranoia sirens.
The comments lit up. The rawest energy came from real-life fear: one user says a friend was tracked by a “stalker ex” who worked at a telco, and police brushed it off. Geopolitics instantly crashed the party—another commenter claims Gaza and Lebanon are “guinea pigs” for invasive tech, while someone else throws a grim curveball about Israel’s new death penalty. The thread split between “this is what happens when telcos cut corners” and “these vendors and their government clients will always find a way.” Meanwhile, the meme mood? “Find My Phone, but make it dystopia,” plus jokes about “ghost companies” doing the ghosting. It’s equal parts outrage, dread, and gallows humor—and nobody’s feeling safe.
Key Points
- •Citizen Lab identified two surveillance campaigns using telecom signaling vulnerabilities to geolocate targets.
- •The campaigns abused access to three telecom providers: 019Mobile (Israel), Tango Networks U.K., and Airtel Jersey (now owned by Sure).
- •SS7’s lack of authentication/encryption enables rogue tracking; carriers’ inconsistent Diameter protections leave gaps and allow SS7 fallback.
- •Sure’s CEO stated the company monitors and blocks inappropriate signaling and suspends/terminates confirmed misuse.
- •019Mobile and Tango Networks did not comment to TechCrunch; 019Mobile’s IT/security head told Citizen Lab it cannot confirm the identified infrastructure belongs to the company.