December 15th, 2020–A new report alleges China has conducted mass surveillance of US mobile phones via China Unicom and proxies in the Caribbean.
The story was broken by the Guardian after it spoke to mobile security researcher Gary Miller. His Far From Home Threat Intelligence Report tracks SS7 signaling links initiated by foreign networks targeting US devices that seem dodgy. He found that in 2018 86% of all such attacks over 3G networks originated in China, with nearly all of them coming through China Unicom.
By 2019, however, hardly any attacks came from China, but the Caribbean islands of Barbados and Antigua accounted for 28% and 19% of them, respectively.
Moving onto 4G, China and Unicom were once more top of the list in 2018, but France and the UK also accounted for a significant proportion for some reason. In 2019 Flow Barbados accounted for over a quarter of attacks.
Miller told the Guardian he reckons the volume of attacks points to mass surveillance and the predominance of state-owned China Unicom in 2018 indicates this was state-sponsored activity.
He reckons the sudden switch to the Caribbean in 2019 suggests the use of proxy networks, but also stressed that it could have happened without the network owners knowing about if, maybe via leasing arrangements.
Both China Unicom and the Chinese government denied getting up to no good and the Caribbean operators declined to comment.
It should also be stressed that this is just one report and there could possibly be more innocent explanations for the findings. But you can bet the US and its allies will be taking the findings seriously, as well as having a look which vendors supply the kit used in the Caribbean networks.