Abusing Data in the Middle: Surveillance Risks in China’s State-Owned Mobile Ecosystem
By iVerify Threat Research Team, Gary Miller, Daniel Kelley
Apr 17, 2025
Mobile communication is at the core of daily life, powering everything from casual chats to corporate strategies and even national defense. What’s often overlooked is the intricate web of mobile interconnect providers operating behind the scenes, enabling international calls, texts and data transfers.
While this infrastructure is built for efficiency, it also creates security vulnerabilities, especially when state-controlled organizations are in the mix. This is precisely what our latest report, Data in the Middle, explores: the hidden dangers posed by China’s state-controlled mobile interconnect providers and the implications for global cybersecurity.
Mobile Interconnect - Why Does It Matter?
Mobile interconnect refers to the global network infrastructure that allows different mobile operators to communicate with each other. When you travel abroad and use your phone, or when you call someone in another country, your data doesn’t travel in a straight line. Instead, it passes through various interconnect providers - third-party entities that act as intermediaries between the roaming network you’re connected to and your home mobile operator.
The problem is that many of these interconnect providers rely on outdated and vulnerable protocols like SS7 and Diameter, which were never designed with modern security threats in mind. Even more concerning, some of the biggest interconnect providers are controlled by the Chinese government, creating a huge risk of global surveillance and cyber espionage.
Key Findings from Data in the Middle
Our report reveals several key findings:
1. China’s mobile interconnect providers, including China Mobile International, China Telecom Global, China Unicom Global, CITIC Telecom International, and PCCW Global Hong Kong, play a dominant role in global mobile traffic.
2. At least 60 mobile operators in 35 countries, including U.S. allies like Japan, South Korea, and New Zealand, route sensitive mobile traffic through these Chinese-owned networks.
3. Because mobile signaling protocols are unencrypted, China-controlled networks have direct man-in-the-middle access to authentication data, SMS messages, location updates, and even internet traffic for millions of users worldwide.
4. These vulnerabilities are not just theoretical. There have been multiple real-world cases where attackers have exploited SS7 and Diameter to intercept communications and steal sensitive data.
5. State-backed cyber actors can exploit mobile interconnect networks for passive and active surveillance, allowing them to track users, manipulate traffic and even deploy spyware.
The Man-in-the-Middle Problem
One of the core issues is man-in-the-middle attacks. These occur when an attacker secretly intercepts and potentially alters communications between two parties without their knowledge. With mobile interconnect, China’s state-owned providers have a perfect position to conduct these attacks on a massive scale.
For example, a 2021 CrowdStrike report revealed that the China-based LIMINAL PANDA threat group exploited mobile roaming interconnects to gain access to operator core networks. This allowed them to track devices, intercept communications and conduct espionage on a massive scale.
However, China’s role in mobile interconnect means the potential impact is far greater. It’s not just about individual cyber incidents but rather a global infrastructure that affects millions, if not billions, of users.
By leveraging their control over interconnect networks, China’s operators can:
1. Track device locations in real time – useful for monitoring high-profile individuals or conducting espionage.
2. Intercept SMS and voice communications – allowing them to steal credentials, compromise business communications, etc.
3. Silently push spyware or malware onto target devices using signaling-level attacks.
4. Disrupt or manipulate communications by rerouting or injecting malicious network commands.
And a whole lot more. The full Data in the Middle report provides an in-depth analysis of how China’s state-owned mobile interconnect providers facilitate surveillance, the vulnerabilities in global mobile signaling networks, real-world exploitation cases and the broader geopolitical implications.
Download the full report to learn more about the risks and the bigger picture.
Secure Your Mobile Devices with iVerify
To mitigate these risks, iVerify Mobile EDR and Elite offer a travel security feature designed to protect mobile devices at every stage of international travel - before departure, during the trip and after returning home. Users can enhance their device security, run sysdiagnose scans, and access real-time travel risk assessments to identify vulnerabilities and prevent potential surveillance.
Rather than relying on temporary phones or exposing their primary device to risk, travelers can use iVerify to self-enroll their destinations, manage security settings and receive proactive threat insights tailored to their location. This ensures a balance between connectivity and protection, giving users the confidence to travel securely.
Reach out to learn more about how we can protect your organization today.