SS7 Is Still Broken: How Surveillance Firms Are Bypassing Telco Defenses

A new attack technique is exposing just how vulnerable global mobile networks remain in 2025. Cybersecurity firm Enea has discovered a surveillance operation that bypasses SS7 firewalls by exploiting a subtle weakness in the TCAP encoding layer—allowing stealth location tracking of mobile users across borders.The method? Tampering with the IMSI field in ProvideSubscriberInfo (PSI) requests to hide it from detection. Many mobile operators’ SS7 stacks simply fail to decode the malformed tag, allowing unauthorized tracking messages to pass security controls.In this episode, we cover:The technical anatomy of the IMSI hiding exploitHow this attack evades standard SS7 security checksThe surveillance firms and platforms involved—WODEN, ASMAN, HURACAN, and othersBroader SS7 weaknesses: lack of encryption, lack of authentication, and global trust architectureThe disturbing truth: most mobile networks still depend on legacy protocols from the 1970sWhy users can’t opt out—and no app can protect youWe also examine the countermeasures: advanced signaling firewalls, protocol filtering, TCAP signing, and why even now, SS7 remains irreplaceable due to the persistence of 2G/3G roaming infrastructure.This isn’t a theoretical vulnerability—it’s a real-world surveillance method in use today, targeting phones across continents without users ever knowing.

There are no comments yet.

Please log in to write the first comment.