top | item 45585309

(no title)

janwillemb | 4 months ago

It is about a company, First Wap, that makes it possible to track individuals. Their USP is a piece of software that operates at phone network level and uses the fact that phone companies still support an old protocol, Signalling System 7:

> Phone networks need to know where users are in order to route text messages and phone calls. Operators exchange signalling messages to request, and respond with, user location information. The existence of these signalling messages is not in itself a vulnerability. The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose.

> These signalling messages are never seen on a user’s phone. They are sent and received by “Global Titles” (GTs), phone numbers that represent nodes in a network but are not assigned to subscribers.

discuss

overfeed|4 months ago

> The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose

'Fun' fact: "other networks" includes all foreign networks with a roaming partnership. It's possible to abuse SS7 to track people across borders, from half the world away.

foolfoolz|4 months ago

it’s more than that. it’s any device that can present itself as a possible base station. this is how trumps lawyer was caught in a place he claimed to not be: https://www.reuters.com/article/world/special-counsel-has-ev...

this also helped confirm the identity of the 2022 killer in idaho https://en.wikipedia.org/wiki/2022_University_of_Idaho_murde...

beached_whale|4 months ago

I assumed it was the telecoms just selling the data about their subscribers. https://www.telecomstechnews.com/news/fcc-fines-major-telcos...

pkulak|4 months ago

Why not both?