Chinese Telcos Provide Backbone for US Allies' Mobile Traffic, Raising Espionage Concerns

A recent report by iVerify and other researchers has uncovered a concerning trend: mobile networks in countries like Japan, South Korea, and New Zealand route telecom traffic through Chinese state-backed infrastructure. This raises serious espionage concerns for U.S. allies who rely on these networks.

The analysis found that over 60 mobile operators from 35 countries, including close U.S. security partners like Saudi Arabia, use Chinese state-owned telecom infrastructure to route sensitive mobile traffic. These operators, in turn, subject their users to potential interceptions by Beijing.

Major Chinese telecom transit providers, such as China Mobile International, China Telecom Global, and CITIC Telecom, facilitate possible "man-in-the-middle" access to sensitive mobile communications in transit. This means that even if a target is not physically using their phone within Chinese borders, security researchers have found ways to intercept their communications.

"Interconnect services provided by China operators include the transport of highly sensitive signaling data used in device authentication, call setup, SMS, network location updates, setting up data sessions and transporting internet data for international travelers," the report said. This is a concerning development, as it highlights the potential for Chinese espionage to intercept sensitive communications.

Countries identified in the findings include Japan, South Korea, Saudi Arabia, and New Zealand, whose mobile networks were found to rely on Chinese routing infrastructure for portions of their international traffic. Taiwan was also found to have multiple operators using Chinese-owned signaling routes.

The analysis used data from the GSM Association — a global industry organization representing mobile network operators and related firms — that was provided through the Mobile Surveillance Monitor Project, an iVerify spokesperson said. The report warned that the telecommunications nexus, as architected, could enable further Chinese spying.

"Dependencies on mobile operators and their users passing internet and communications traffic through China's interconnect infrastructure reveal tools for state-sponsored surveillance," it said. "Unless addressed through policy intervention, the integration of these networks into global telecom infrastructure poses a direct threat to the privacy and security of billions of mobile users worldwide."

The technical vulnerabilities stem from long-existing telecom routing protocols — such as SS7 and Diameter — that remain widely used to enable mobile roaming, but were never designed with encryption or authentication in mind. These weaknesses have been exploited by both state-sponsored threat groups and private surveillance vendors to track user locations, intercept communications, and deliver spyware to targeted devices.

In several instances, iVerify found mobile operators that both rely on Chinese interconnect providers and rely on core networking equipment from Huawei or ZTE — two vendors barred from doing business in the U.S. by the Federal Communications Commission. One such operator, Tampnet, provides maritime communication needs for offshore oil platforms and was found to use Huawei equipment to manage subscriber data and routing.

The findings come amid heightened U.S. efforts to scrutinize Chinese technology and telecom firms' linkages to domestic critical infrastructure. The FCC said last month that it's probing a group of Chinese communications providers that the agency says could still be operating in the U.S. despite prior restrictions being levied on them.

Telecom security became top-of-mind last year following the discovery of a vast hacking campaign deployed by Salt Typhoon, a Chinese cyberespionage unit, which burrowed into the systems of dozens of telecom companies in the U.S. and around the world. In response to the Salt Typhoon intrusions, the Commerce Department moved to jettison the remaining American operating units of China Telecom, the New York Times reported in December.