A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations

Recent investigations by cybersecurity experts have revealed that a surveillance company operating in the Middle East has been exploiting a newly discovered vulnerability to track individuals' phone locations. This attack circumvents the security measures implemented by mobile carriers to safeguard against unauthorized access to SS7, the Signaling System 7, a crucial set of protocols that global telecom operators utilize to manage call and text routing. Security researchers from Enea, a firm specializing in cybersecurity solutions for telecoms, reported that the surveillance vendor has been taking advantage of this exploit as early as late 2024. The attack allows the company to pinpoint the location of mobile phone users without their consent. Enea’s VP of Technology, Cathal Mc Daid, shared insights with TechCrunch, noting that the vendor primarily targeted a limited number of subscribers and that the effectiveness of the attack varied among different carriers. The exploit enables the surveillance firm to determine an individual’s proximity to the nearest cell tower, which can be narrowed down to a few hundred meters in densely populated areas. Although Enea informed the affected telecom provider about the misuse of the exploit, they opted not to disclose the name of the surveillance vendor, only confirming its base in the Middle East. Mc Daid expressed concern over the increasing trend of malicious entities leveraging such vulnerabilities to track individuals, suggesting that the ongoing discovery and exploitation of these weaknesses could lead to even more serious breaches. Surveillance vendors, which often include companies that create spyware or provide internet traffic services, primarily serve government clients for intelligence-gathering missions. While these tools are often justified as necessary for monitoring serious criminal activity, they have also been misused against journalists, activists, and other civil society members. Historically, access to SS7 has been gained through various means, such as local telecom partnerships or government connections. Unfortunately, due to the inherent nature of these attacks operating at the network level, individual phone users have limited options for protection. The responsibility to safeguard against such exploits largely falls on telecom companies. In recent years, many carriers have implemented firewalls and enhanced cybersecurity protocols to defend against SS7 vulnerabilities. However, the inconsistent security measures across the global telecommunications landscape mean that not all networks, including those in the United States, are equally protected. According to communications with Senator Ron Wyden’s office, the U.S. Department of Homeland Security highlighted that since 2017, several countries, including China, Iran, Israel, and Russia, have exploited SS7 vulnerabilities to target U.S. citizens. Additionally, Saudi Arabia has been reported to misuse these same weaknesses to surveil its own citizens residing in the U.S.