A surveillance company in the Middle East is exploiting a new attack to trick phone operators into revealing a subscriber's location. This attack bypasses security protections around SS7, a set of protocols used by global phone carriers. Enea, a cybersecurity company, has observed the vendor using this method since late 2024 to obtain phone locations without user consent. The effect of the attack can pinpoint individuals to approximately a few hundred meters in dense urban areas, demonstrating a trend of malicious operators exploiting such vulnerabilities rapidly.
Security researchers have identified a surveillance company in the Middle East exploiting a new attack to deceive phone operators into revealing a subscriber's location.
The attack bypasses security protections designed to prevent unauthorized access to SS7, enabling surveillance of cell subscriber locations.
Enea observed this surveillance operation targeting select subscribers, allowing the vendor to pinpoint individuals' locations to within a few hundred meters.
This incident is indicative of a growing trend where malicious operators increasingly exploit vulnerabilities to access personal location information.
Collection
[
|
...
]