A surveillance company has exploited vulnerabilities in the SS7 protocol by manipulating TCAP messages, enabling them to track user locations without detection. Enea reports that these attacks have been ongoing since late 2024, highlighting weaknesses in mobile network signaling security. #SS7Vulnerabilities #TCAPManipulation
Keypoints
- The attack targets the SS7 protocol by altering TCAP messages to hide IMSI information.
- Manipulations involve extending the Tag code in TCAP to bypass security checks.
- Mobile operators should block malformed PDUs and verify IMSI presence to prevent such attacks.
- The vulnerabilities are linked to outdated SS7 decoding stacks that do not interpret extended TCAP codes properly.
- The technique has been used since late 2024, primarily by surveillance companies to extract location data.
Read More: https://www.securityweek.com/surveillance-firm-bypasses-ss7-protections-to-retrieve-user-location/