Skip navigation
The Habeas Citebook Ineffective Counsel - Header

Tracking Your Cellphone Might Be Easier Than You Think

by Michael Dean Thompson

The University of Toronto’s Citizen Lab investigated weaknesses in the manner with which cellphones and their locations are passed from tower to tower. What they found was that it was remarkably easy for a state agency, telephone company, and others to track cellphones using the archaic technologies that enable cellphones to be truly mobile.

As a cellphone travels between cell towers, sometimes at high rates of speed, cell towers must pass messages back and forth that identify the subscriber. It allows the cell tower awaiting the mobile user to make certain connections that are available in anticipation of the customer’s needs. However, each cell tower may have a different owner or operator. For that reason, a common exchange has been created that gives the towers the ability to share information and verify subscriber information irrespective that the phone and tower originate from different networks.

The IP Exchange (“IPX”) is a network that assists cellphone companies to share data about their customers. The IPX, however, is vulnerable to bad actors who wish to track cellphone users anywhere in the world. Anyone hooked into the IPX can monitor a cellphone’s movements with ease. And getting access is not terribly difficult. As it turns out, telecom companies can put access to IPX on the market, “creating further opportunities for a surveillance actor to use an IPX connection while concealing its identity through a number of leases and subleases,” Citizen Lab reported. That is not hard to imagine when you consider how many cellphone providers there are in the U.S. alone. Of the 195 countries that use the IPX, there are over 750 networks. That number is even more impressive (or alarming) when you consider how many countries like Vietnam have just one state-owned cellular network.

Gary Miller, one of the coauthors of the report, is a mobile security researcher who by October 2023 had already tracked 11 million geolocation attacks that year from Chad and the Democratic Republic of Congo alone. Researchers also found trackers using Vietnam’s GTel Mobile to follow African cellular customers. In addition, Citizen Lab found what they believed to be a “state-sponsored activity intended to identify the mobile patterns of Saudi Arabia users who were traveling in the United States.” That effort apparently queried the Saudi locations every 11 minutes. Citizen Lab points out how truly global the problem has become as they have found India, Iceland, Sweden, Italy, and more engaged in surveilling cellphones through the IPX.

There are no real legal and regulatory challenges for members of the IPX with regard to cellphone tracking, according to Citizen Lab. The relative lawlessness and terrible security standards have resulted in this manner of tracking easy and efficient. The worst part is not that China or Russia may find you of interest and have no problem finding you. The problem is that there is nothing stopping our own government from doing so. Furthermore, your cellphone only needs to be on and off of airplane mode for this manner of tracking to work. As if there aren’t already enough ways to track and surveil us without our knowledge or consent, here’s yet another.   





Disciplinary Self-Help Litigation Manual - Side
PLN Subscribe Now Ad 450x450
The Habeas Citebook Ineffective Counsel Side