Location Tracking: Impersonate SS7 Nodes

ID | Name
T1430.001 | Remote Device Management Services
T1430.002 | Impersonate SS7 Nodes

Adversaries may exploit the lack of authentication in signaling system network nodes to track the location of mobile devices by impersonating a node.[1][2][3][4][5]

By providing the victim’s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device’s geographical cell area or nearest cell tower.[1]

ID: T1430.002
Sub-technique of: T1430
Tactics: Collection, Discovery
Platforms: Android, iOS
MTC ID: CEL-38
Version: 1.1
Created: 05 April 2022
Last Modified: 15 August 2023

Procedure Examples

ID | Name | Description
S0602 | Circles | Circles can track the location of mobile devices.[6]

Mitigations

ID | Mitigation | Description
M1014 | Interconnection Filtering | Filtering requests by checking request origin information may provide some defense against spurious operators.[7]

Detection

ID | Data Source | Data Component | Detects
DS0029 | Network Traffic | Network Traffic Flow | Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.[5] The CSRIC also suggests threat information sharing between telecommunications industry members.
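A sketch of the origin checks described under Interconnection Filtering and Detection, added here as an illustration and not taken from ATT&CK or any carrier product. The record fields, the address prefixes and the two operation sets are assumptions made for the example; the operation names are standard MAP operations, and all sample records are constructed.

```python
# Constructed policy data: every prefix below is a made-up placeholder.
HOME_GT_PREFIXES = ("99900",)              # global-title prefixes of our own nodes
PARTNER_GT_TO_PLMN = {"99811": "99801",    # roaming-partner GT prefix -> IMSI prefix
                      "99722": "99702"}    # (MCC+MNC) of that partner's subscribers
INTERNAL_ONLY_OPS = {"anyTimeInterrogation"}   # assumed: never expected from outside
HOME_ORIGIN_OPS = {"provideSubscriberInfo"}    # assumed: valid only from subscriber's home network

def match_prefix(value, prefixes):
    """Longest configured prefix that `value` starts with, or None."""
    hits = [p for p in prefixes if value.startswith(p)]
    return max(hits, key=len) if hits else None

def evaluate(msg):
    """Return (verdict, reason) for one signaling request record."""
    if msg["link"] != "interconnect":
        return ("allow", "internal link, outside this filter's scope")
    gt, op, imsi = msg["calling_gt"], msg["operation"], msg.get("imsi", "")
    if match_prefix(gt, HOME_GT_PREFIXES):
        return ("block", "home-network address presented on external link")
    if op in INTERNAL_ONLY_OPS:
        return ("block", "internal-only operation from external origin")
    partner = match_prefix(gt, PARTNER_GT_TO_PLMN)
    if partner is None:
        return ("block", "origin is not a known roaming partner")
    if op in HOME_ORIGIN_OPS and not imsi.startswith(PARTNER_GT_TO_PLMN[partner]):
        return ("block", "origin network is not the subscriber's home network")
    return ("allow", "origin consistent with request")

def alerts(records):
    """Blocked requests as (calling_gt, operation, reason), for IDS-style review."""
    out = []
    for r in records:
        verdict, reason = evaluate(r)
        if verdict == "block":
            out.append((r["calling_gt"], r["operation"], reason))
    return out

# Constructed sample traffic (not real addresses or subscribers).
SAMPLE = [
    {"link": "interconnect", "calling_gt": "998110001", "operation": "provideSubscriberInfo", "imsi": "998010000000001"},
    {"link": "interconnect", "calling_gt": "998110001", "operation": "provideSubscriberInfo", "imsi": "999010000000002"},
    {"link": "interconnect", "calling_gt": "999000042", "operation": "updateLocation", "imsi": "999010000000003"},
    {"link": "interconnect", "calling_gt": "997220007", "operation": "anyTimeInterrogation"},
    {"link": "interconnect", "calling_gt": "555000001", "operation": "provideSubscriberInfo", "imsi": "999010000000004"},
    {"link": "internal", "calling_gt": "999000010", "operation": "anyTimeInterrogation"},
]

if __name__ == "__main__":
    for alert in alerts(SAMPLE):
        print(alert)
```

The blocked records are also the ones worth sharing as threat information, since each carries the origin address that failed the check.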

References