Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Protective researchers say they have exploited a new attack that the Middle East is capable of expressing the customer’s position of phone operators.
The attack depends on bypassing the protection that careers kept protecting the intruders from SS7 access, or a private set of protocols used by the global phone carrier to root customers around the world, signaling system 7, signaling system 7.
SS7 Carriers Allow to request information about which cell towers are connected to a customer’s phone, usually when customers call or text someone from abroad are used properly for billing.
Researchers at the CyberCCURATION FROM ANEA that provide protection for the phone carrier, says This week They observed anonymous surveillance vendor that used the new bypass attack in the end of 2024 to get people’s phone positions without their knowledge.
Technology Cathal MC Dide’s ANEA VP, who composed the blog post, told TechCrunch that the company noticed the surveillance vendor’s target “Only a few customers” and the attack does not work against all phone careers.
MC Dyed said that the bypass attack allows the surveillance seller to identify a person in the nearest cell towers, which may be several hundred meters narrow in urban or densely populated areas.
The ANEA has notified the phone operator that it is being used to exploit, but the surveillance refuses to name the seller, it was located in the Middle East without noticeable.
MC Daid told TechCrunch that the attack was part of the growing tendency of contaminated operators using this type of exploitation to achieve a person’s position, warning the vendors behind their use “they would not discover and use them if they were not successful.”
“We expect that more can be found and used,” said MC Dide.
Surveillance vendors, which may include Spyware manufacturers And bulk internet traffic suppliers, private companies that usually work exclusively to conduct intelligence collection work against individuals for government customers. Governments often claim Use spyware And the other Exploitative technology Against serious criminals, but also used to target civil society members with equipment Journalists And StaffThe
In the past, surveillance vendors have obtained access to SS7 through local phone operators, an abuse Lease “Global title,” Or through official connection.
However, due to the nature of these attacks at the cell network level, the customers of the phone can rarely do to protect against exploitation. Rather, the issue of defending against these attacks depends largely on telecom companies.
In recent years, phone companies have installed firewalls and other cyberquacy protection to protect against SS7 attacks, but the patches of the global cell network mean that not all carrier is as protected as the United States of America.
Accordingly A letter The Homeland Security Department of the United States said last year to “exploit” US customers in several countries, especially China, Iran, Israel and Russia, SS7, in the United States Homeland Security Department, 2017. Saudi Arabia has also been Freedom of abuse has been found To monitor its citizens in the USA in SS7.