What if tracking someone’s real-time location didn’t require malware or exploits, but just a phone call? In 2026, a critical misconfiguration in a European telco network allowed callers to determine a person’s location without the call being answered, and without leaving meaningful traces. Affecting a large portion of a national subscriber base, this issue exposed sensitive groups including journalists, politicians, and security-cleared individuals. This talk explores how complex telecom infrastructure can unintentionally enable large-scale surveillance, and why such weaknesses can remain hidden for years. It also highlights a concerning shift: with AI-assisted analysis, the barrier to discovering and exploiting these systems is rapidly decreasing. What once required nation-state capabilities can now be achieved by small teams in weeks.
