1. Website Planet
  2. >
  3. News
  4. >
  5. Surveillance Firm Exploits Mobile Network Flaw To Track Phones
Surveillance Firm Exploits Mobile Network Flaw To Track Phones

Surveillance Firm Exploits Mobile Network Flaw To Track Phones

Headshot of Andrés Gánem Written by: Andrés Gánem
Headshot of Maggy Di Costanzo Reviewed by: Maggy Di Costanzo
Last updated: August 06, 2025
A recently published investigation by cybersecurity company Enea has discovered a surveillance vendor exploiting a vulnerability in SS7 protocols to trick phone service providers into revealing accurate location data from private devices. According to the researchers, the attacks go back as far as late 2024.

SS7, or Signaling System 7, is a set of protocols used by cellphone carriers to transmit calls and text messages across the world. It also allows companies to know which cell tower their users are connected to, but its decades-old design makes it vulnerable to abuse.

“It is perfectly legitimate for mobile operators to use it for their subscribers who may be roaming abroad, for billing and mobility control, but they are the only ones who should be using it,” writes Cathal McDaid, Enea’s VP of technology, in the company’s blog post.

According to Enea researchers, the attack exploits vulnerabilities in the protocol to permit third parties to access SS7. The attack permits the surveillance vendor to locate the nearest cell tower to an individual, which can provide extremely accurate location information in certain conditions.

“The source of the attacks matched a surveillance company that we have tracked for many years, and we believe that this was identified and used by them. Subsequent retrospective analysis confirmed that this technique was being used at least as far back as Q4 2024,” added McDaid.

The term “surveillance vendor” refers to private companies that usually work exclusively with government clients to conduct intelligence operations. Providers of surveillance software known as “spyware” fit into the category. Governments worldwide claim to use spyware to monitor criminal activity, but it has also been used against journalists, activists, and political dissidents.

In June, the research group Citizen Lab confirmed the use of Paragon spyware by the Italian government to monitor at least 7 prominent local journalists.

“We don’t have any information on how successful this attack method has been worldwide, as its success is vendor/software specific, rather than being a general protocol vulnerability, but its use as part of a suite indicates that it has had some value,” the report continues.

According to tech news site TechCrunch, the company informed the phone operator of the attack being employed, but did not name the specific surveillance vendor, only noting that it’s “based in the Middle East.”

Andrés Gánem
Senior Writer:
Andrés Gánem
Andrés writes about a variety of topics aimed at helping business owners and merchants grow and manage their ventures. These topics include (but are not limited to) website building, web hosting, project management software, and credit card processing. Andrés has 3+ years of experience as a writer and content creator. He’s also worked as a project manager, website designer, and social media manager for a variety of science communication groups.

Maggy Di Costanzo
Editor:
Maggy Di Costanzo
Maggy Di Costanzo is an editor at Website Planet, specializing in reviews of e-commerce platforms, website builders, and web hosting services. With experience as a freelance AI content specialist, editor, and writer, she brings a versatile skill set from industries like marketing and real estate. When she’s not editing or staying updated on SEO trends, Maggy enjoys going on hikes with her dog, planning dinner parties, and tracking the stock market.

Follow our experts on
Rate this Article
4.3 Voted by 3 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Any comments?
Reply
View %s replies
View %s reply
More news
Show more
Reply to
0 out of minimum 50 characters
Complete your reply Complete your comment
The name is too short The name is too long The name contains invalid characters
The email is required The email is incorrect
Thank you, - your reply was submitted successfully! your comment was submitted successfully!
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:
1 1 1
Thank you, , your comment was submitted successfully!

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Thank you for signing up!

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

1 1 1

So happy you liked it!

Share it with your friends!

1 < 1 1

Or review us on 1

3713583
50
5000
143202913