Cybersecurity researchers have uncovered a Middle Eastern surveillance company exploiting a new SS7 bypass attack to track phone users’ locations without their knowledge. This attack undermines carrier protections and highlights the ongoing abuse of SS7 vulnerabilities for unauthorized surveillance. #SS7Vulnerabilities #SurveillanceVendor
Keypoints
- The attack exploits a new bypass method against SS7 security protections used by global carriers.
- It allows surveillance vendors to locate individuals to the nearest cell tower, sometimes within hundreds of meters.
- The exploit has been observed targeting a few subscribers and varies across different carriers.
- Surveillance vendors typically work for governments to conduct intelligence operations, often targeting civil society.
- Defending against these attacks largely depends on the telecom companies’ cybersecurity measures, which are uneven worldwide.