This discovery highlights the ongoing arms race between surveillance entities and telecommunications security, as attackers continue exploiting the complex ASN.1 protocol structures inherent in SS7 networks to evade detection and maintain unauthorized access to sensitive subscriber information. The attack leverages previously unknown vulnerabilities in the TCAP (Transaction Capabilities Application Part) layer of SS7 networks to circumvent security protections implemented by mobile operators worldwide. Attackers manipulate the Tag code structure of TCAP Information Elements containing IMSI (International Mobile Subscriber Identity) data by using an extended tag encoding method. When security firewalls cannot decode the IMSI properly, they fail to apply crucial home-versus-roaming network checks that should block unauthorized location requests. The GSMA community has been alerted to this vulnerability, with recommendations distributed to help mobile operators strengthen their signaling security posture. The technique represents part of an evolving suite of bypass methods that surveillance companies employ to defeat signaling security defenses. Their method involves sending malformed PSI requests with extended tag codes from external networks, targeting home network subscribers whose locations should normally be protected from outside queries. A surveillance company has been detected exploiting a sophisticated SS7 bypass technique to track mobile phone users’ locations.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Jul 2025 13:55:19 +0000