BURSTU.S. allies are among the 35 countries where mobile providers employ China-based networks for transporting user traffic, opening travelers and residents in those nations to potential surveillance, an analysis published Thursday concludes.
“Everyone knows that they have to be careful with their phones when they travel to China,” Rocky Cole, chief operating officer at iVerify, told CyberScoop. “But what we’ve done is some research that shows that China is everywhere. Chinese technology is an integral part of the mobile backbone of the world.”
Sixty operators in those 35 nations — a list that includes Japan, Saudi Arabia and New Zealand — make use of China- and Hong Kong-headquartered interconnect services from China Mobile International, China Telecom Global, China Unicom Global, CITIC Telecom International and PCCW Global Hong Kong, according to iVerify.
“A major issue lies in the fact that these providers operate under the direction of the Chinese government, raising the risk of global surveillance, data interception, and exploitation for state-sponsored cyber espionage,” the analysis reads. “Their role in the mobile interconnect system grants them access to critical functions, including device authentication, call setup, SMS delivery, location updates, and data session management — making them prime channels for exploiting network vulnerabilities.”
Chinese infiltration of telecommunications infrastructure is a major fear in the United States, with years of effort and billions allocated to removing China-made equipment from Huawei and ZTE from U.S. telecom networks. U.S. officials have also sounded alarms over the massive Salt Typhoon breach of providers.
iVerify drew its analysis from documents that mobile network operators submitted to the GSM Association (GSMA), with GSM standing for “Global System for Mobile” communications. The Federal Communications Commission is investigating several of the China-based companies on iVerify’s list to see if they’re evading U.S. restrictions.
Unraveling connections to those companies is a difficult prospect, Cole said. An organization like the GSMA “would need to update their standard that signaling data needs to be encrypted,” he said. “A certain amount of metadata has to be in the clear in order for communications to be routed around the world, but I think it’s time to take a look at, does all of that data need to be unencrypted?”
The post 35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks appeared first on CyberScoop.