Middle East Firm Exploits SS7 Flaw to Track Phone Locations – Ankor Tech

Security researchers have uncovered a sophisticated surveillance operation in the Middle East that exploits a critical vulnerability in Signaling System 7 (SS7). This flaw allows malicious actors to bypass standard carrier protections and pinpoint the precise location of mobile phone subscribers without their knowledge or consent.

How the SS7 Bypass Attack Works

The attack targets SS7, a suite of legacy protocols used by global telecommunications carriers to route calls and text messages across international borders. Beyond routing, these protocols enable carriers to identify which cell tower a device is connected to—a feature primarily designed for accurate billing during roaming.

By bypassing the security firewalls implemented by mobile operators, the unnamed surveillance vendor has been able to manipulate these location requests. According to researchers at cybersecurity firm Enea, this exploit has been active since late 2024, allowing attackers to track individuals to the nearest cell tower, narrowing their position to within a few hundred meters in densely populated areas.

Targeted Surveillance and Global Risks

Cathal Mc Daid, VP of Technology at Enea, confirmed that the vendor’s activity has been highly targeted, focusing on a limited number of subscribers rather than mass surveillance. While the attack does not succeed against every carrier, it highlights a growing trend of private firms developing advanced exploits for government intelligence-gathering operations.

Surveillance vendors, which often operate in the shadows to provide spyware and traffic analysis tools to state entities, frequently use these exploits to target activists, journalists, and political dissidents. These tools are often acquired through misused “global titles” or direct access via local phone operators.

The Responsibility of Telecom Carriers

Because these vulnerabilities exist at the infrastructure level of the cellular network, individual phone users are effectively defenseless against such tracking. The burden of protection lies entirely with telecommunications companies, which must maintain robust firewalls to mitigate SS7-based threats.

The global nature of the cell network means that security is inconsistent. While many carriers have bolstered their defenses, others remain highly vulnerable. Past reports from the U.S. Department of Homeland Security have revealed that countries including China, Iran, Israel, Russia, and Saudi Arabia have historically abused SS7 flaws to track U.S. subscribers, underscoring the urgent need for systemic improvements in telecom cybersecurity.