A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations

A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations

Recent investigations by cybersecurity experts have revealed that a surveillance company operating in the Middle East has been exploiting a newly discovered vulnerability to track individuals' phone locations. This attack circumvents the security measures implemented by mobile carriers to safeguard against unauthorized access to SS7, the Signaling System 7, a crucial set of protocols that global telecom operators utilize to manage call and text routing. Security researchers from Enea, a firm specializing in cybersecurity solutions for telecoms, reported that the surveillance vendor has been taking advantage of this exploit as early as late 2024. The attack allows the company to pinpoint the location of mobile phone users without their consent. Enea’s VP of Technology, Cathal Mc Daid, shared insights with TechCrunch, noting that the vendor primarily targeted a limited number of subscribers and that the effectiveness of the attack varied among different carriers. The exploit enables the surveillance firm to determine an individual’s proximity to the nearest cell tower, which can be narrowed down to a few hundred meters in densely populated areas. Although Enea informed the affected telecom provider about the misuse of the exploit, they opted not to disclose the name of the surveillance vendor, only confirming its base in the Middle East. Mc Daid expressed concern over the increasing trend of malicious entities leveraging such vulnerabilities to track individuals, suggesting that the ongoing discovery and exploitation of these weaknesses could lead to even more serious breaches. Surveillance vendors, which often include companies that create spyware or provide internet traffic services, primarily serve government clients for intelligence-gathering missions. While these tools are often justified as necessary for monitoring serious criminal activity, they have also been misused against journalists, activists, and other civil society members. Historically, access to SS7 has been gained through various means, such as local telecom partnerships or government connections. Unfortunately, due to the inherent nature of these attacks operating at the network level, individual phone users have limited options for protection. The responsibility to safeguard against such exploits largely falls on telecom companies. In recent years, many carriers have implemented firewalls and enhanced cybersecurity protocols to defend against SS7 vulnerabilities. However, the inconsistent security measures across the global telecommunications landscape mean that not all networks, including those in the United States, are equally protected. According to communications with Senator Ron Wyden’s office, the U.S. Department of Homeland Security highlighted that since 2017, several countries, including China, Iran, Israel, and Russia, have exploited SS7 vulnerabilities to target U.S. citizens. Additionally, Saudi Arabia has been reported to misuse these same weaknesses to surveil its own citizens residing in the U.S.

Sources : TechCrunch

Published On : Jul 18, 2025, 19:35

Streaming
Netflix Director Sentenced to Prison for $11 Million Fraud Scheme

Carl Rinsch, a director known for his work with Netflix, has been sentenced to two and a half years in prison after bein...

Business Insider | Jun 29, 2026, 21:55
Netflix Director Sentenced to Prison for $11 Million Fraud Scheme
Computing
South Korea's Ambitious $1 Trillion Plan to Revolutionize Tech with Chips and Robots

In a bold move to enhance its position in the global technology landscape, South Korea is set to invest a staggering $1 ...

Ars Technica | Jun 29, 2026, 21:10
South Korea's Ambitious $1 Trillion Plan to Revolutionize Tech with Chips and Robots
Cybersecurity
Google Raises Alarm Over EU's Proposed Regulations Impacting User Privacy

The European Commission is intensifying efforts to regulate Big Tech, with new proposals for Google set to be unveiled n...

Ars Technica | Jun 29, 2026, 18:30
Google Raises Alarm Over EU's Proposed Regulations Impacting User Privacy
Startups
AeroVironment's Stock Skyrockets After Strong Q4 Earnings and Growing Backlog

AeroVironment's shares surged by 17% in after-hours trading on Monday following an impressive report of its fourth-quart...

CNBC | Jun 29, 2026, 21:45
AeroVironment's Stock Skyrockets After Strong Q4 Earnings and Growing Backlog
Science
Could Early Detection Have Mitigated Ozone Layer Damage?

The global ban on substances that deplete the ozone layer is widely viewed as a successful environmental initiative that...

Ars Technica | Jun 29, 2026, 19:05
Could Early Detection Have Mitigated Ozone Layer Damage?
View All News