Researchers suggest 25 countries are using a kind of mobile spyware that monitors texts, location

Circles exploits mobile phone vulnerabilities via a hard-to-detect bit of surveillance, according to Citizen Lab.
(Getty Images)

A private surveillance firm that exploits mobile network vulnerabilities to spy on calls, texts and location data is doing business with at least 25 governments around the globe, including some with histories of human rights abuses, concludes a report released Tuesday.

The findings from the University of Toronto’s Citizen Lab scrutinize the work of the company Circles, which is a sister firm of the Israeli software surveillance broker NSO Group. Human rights activists frequently criticize NSO Group for selling its equipment to repressive regimes, a charge it rejects, even as it is the subject of a lawsuit from Facebook, which alleges that attackers used NSO Group tech to spy on thousands of WhatsApp users.

The countries Citizen Lab identified as “likely” customers of Circles: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates, Vietnam, Zambia and Zimbabwe.

“The authoritarian profile of some of Circles’ apparent government clients is troubling, but not surprising,” the Citizen Lab team wrote. “Over the past decade, the explosion of the global surveillance industry has fueled a massive transfer of spy technology to problematic regimes and security services.”


Circles, which according to Citizen Lab says it only sells to nation-states, exploits weaknesses in Signalling System No. 7, a set of protocols used by telecommunications carriers to route calls. Attackers connected to an SS7 network can send commands to a phone, which allows them to track its location, as well as to intercept voice calls and two-factor authentication texts, Citizen Lab said, although it noted SS7 is mainly used in 2G and 3G networks today.

And there’s no trace that Circles’ product has been on a victim’s phone. But Citizen Lab said it was able to conduct internet scans for a unique signature “associated with the hostnames of Check Point firewalls used in Circles deployments.”

NSO Group did not return messages seeking comment on the Citizen Lab report. A spokesperson told Forbes it had not yet seen the report, that both companies have high ethical standards and that Circles was focused on search and rescue and “tactical geological technology.” NSO Group is a frequent target of critical Citizen Lab reports.

“Given Citizen Lab’s track record, we imagine this will once again be based on inaccurate assumptions and without a full command of the facts,” the spokesperson said.

Latest Podcasts