- • A surveillance company is exploiting a new SS7 bypass attack to track mobile phone users' locations, leveraging vulnerabilities in the TCAP layer of SS7 networks.
- • The attack can pinpoint user locations with high accuracy, sometimes within a few hundred meters, without user consent or knowledge.
- • No specific CVEs have been disclosed for this newly identified attack vector, but it highlights critical weaknesses in the global telecommunications infrastructure.
- • Immediate actions for mobile operators include reviewing SS7 security configurations and implementing stricter access controls to mitigate unauthorized location tracking.
- • Threat actor attribution remains unclear, but the operation indicates a sophisticated level of expertise in exploiting telecommunications protocols.
A surveillance firm has been found using a new SS7 bypass attack to track mobile phone users' locations without authorization, exploiting vulnerabilities in the TCAP layer of the SS7 protocol. This attack can accurately determine user locations, raising significant privacy concerns. Mobile operators are urged to reassess their SS7 security measures, implement stricter access controls, and monitor for unauthorized access attempts. While no specific patches are available for this attack, enhancing network security protocols and user consent mechanisms is critical to prevent exploitation.