home.social

#ss7 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ss7, aggregated by home.social.

  1. Bad Connection
    Uncovering Global Telecom Exploitation by Covert Surveillance Actors citizenlab.ca/research/uncover

    An investigation by the Citizen Lab Team, which uncovers two sophisticated telecom surveillance campaigns and, for the first time, directly links real-world attack traffic to mobile operator signalling infrastructure.

    #CyberSecurity #ThreatIntelligence #Surveillance #TelecomSecurity #MobileSecurity #SS7 #NetworkSecurity #CyberEspionage #CitizenLab #Infosec #Privacy #DigitalRights #CyberResearch #SignalInfrastructure #Telecom

  2. Bad Connection
    Uncovering Global Telecom Exploitation by Covert Surveillance Actors citizenlab.ca/research/uncover

    An investigation by the Citizen Lab Team, which uncovers two sophisticated telecom surveillance campaigns and, for the first time, directly links real-world attack traffic to mobile operator signalling infrastructure.

    #CyberSecurity #ThreatIntelligence #Surveillance #TelecomSecurity #MobileSecurity #SS7 #NetworkSecurity #CyberEspionage #CitizenLab #Infosec #Privacy #DigitalRights #CyberResearch #SignalInfrastructure #Telecom

  3. Bad Connection
    Uncovering Global Telecom Exploitation by Covert Surveillance Actors citizenlab.ca/research/uncover

    An investigation by the Citizen Lab Team, which uncovers two sophisticated telecom surveillance campaigns and, for the first time, directly links real-world attack traffic to mobile operator signalling infrastructure.

    #CyberSecurity #ThreatIntelligence #Surveillance #TelecomSecurity #MobileSecurity #SS7 #NetworkSecurity #CyberEspionage #CitizenLab #Infosec #Privacy #DigitalRights #CyberResearch #SignalInfrastructure #Telecom

  4. Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say

    The Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.

    #cybersecurity #diameter #israel #location-tracking #privacy #security #ss7 #surveillance
    techcrunch.com/2026/04/23/surv

  5. Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say

    The Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.

    #cybersecurity #diameter #israel #location-tracking #privacy #security #ss7 #surveillance
    techcrunch.com/2026/04/23/surv

  6. Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say

    The Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.

    #cybersecurity #diameter #israel #location-tracking #privacy #security #ss7 #surveillance
    techcrunch.com/2026/04/23/surv

  7. Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say

    The Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.

    #cybersecurity #diameter #israel #location-tracking #privacy #security #ss7 #surveillance
    techcrunch.com/2026/04/23/surv

  8. Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say

    The Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.

    #cybersecurity #diameter #israel #location-tracking #privacy #security #ss7 #surveillance
    techcrunch.com/2026/04/23/surv

  9. Interesting and comprehensive report about sophisticated telecom surveillance campaigns involving mobile operator signaling infrastructure citizenlab.ca/research/uncover and identifying three gateways to surveillance (019Mobile, Airtel Jersey, Tango Networks UK) #3gpp #gsm #gsma #ss7 #diameter

  10. Interesting and comprehensive report about sophisticated telecom surveillance campaigns involving mobile operator signaling infrastructure citizenlab.ca/research/uncover and identifying three gateways to surveillance (019Mobile, Airtel Jersey, Tango Networks UK) #3gpp #gsm #gsma #ss7 #diameter

  11. Interesting and comprehensive report about sophisticated telecom surveillance campaigns involving mobile operator signaling infrastructure citizenlab.ca/research/uncover and identifying three gateways to surveillance (019Mobile, Airtel Jersey, Tango Networks UK) #3gpp #gsm #gsma #ss7 #diameter

  12. Interesting and comprehensive report about sophisticated telecom surveillance campaigns involving mobile operator signaling infrastructure citizenlab.ca/research/uncover and identifying three gateways to surveillance (019Mobile, Airtel Jersey, Tango Networks UK) #3gpp #gsm #gsma #ss7 #diameter

  13. Interesting and comprehensive report about sophisticated telecom surveillance campaigns involving mobile operator signaling infrastructure citizenlab.ca/research/uncover and identifying three gateways to surveillance (019Mobile, Airtel Jersey, Tango Networks UK) #3gpp #gsm #gsma #ss7 #diameter

  14. The cellular network was built in 1985, with zero privacy in mind.

    Today, we're talking about the infrastructure vulnerabilities that most people don't know about.

    Ep.21 dropped TODAY:
    🔹 How fake towers steal your identity
    🔹 Why SS7 lets attackers track your location
    🔹 And actionable steps to protect yourself

    This isn't fearmongering. It's awareness. And awareness is power.

    🎧 Listen: ImpracticalPrivacy.com

    #DigitalPrivacy #Privacy #CyberSecurity #Telecom #Stingray #SS7 #5G #Fediverse

  15. The cellular network was built in 1985, with zero privacy in mind.

    Today, we're talking about the infrastructure vulnerabilities that most people don't know about.

    Ep.21 dropped TODAY:
    🔹 How fake towers steal your identity
    🔹 Why SS7 lets attackers track your location
    🔹 And actionable steps to protect yourself

    This isn't fearmongering. It's awareness. And awareness is power.

    🎧 Listen: ImpracticalPrivacy.com

    #DigitalPrivacy #Privacy #CyberSecurity #Telecom #Stingray #SS7 #5G #Fediverse

  16. The cellular network was built in 1985, with zero privacy in mind.

    Today, we're talking about the infrastructure vulnerabilities that most people don't know about.

    Ep.21 dropped TODAY:
    🔹 How fake towers steal your identity
    🔹 Why SS7 lets attackers track your location
    🔹 And actionable steps to protect yourself

    This isn't fearmongering. It's awareness. And awareness is power.

    🎧 Listen: ImpracticalPrivacy.com

    #DigitalPrivacy #Privacy #CyberSecurity #Telecom #Stingray #SS7 #5G #Fediverse

  17. Your phone is a window into your life. Are you sure the world can't see through it? 👀

    Tomorrow, ep.21 of Impractical Privacy.

    We go beyond apps and settings to look at the cellular network itself

    We're talking about:
    📡 IMSI Catchers
    🌐 SS7 Exploits
    📉 The 5G Myth

    The infrastructure was built in an era of trust. That era is over.

    Privacy isn't just a tool; it's a right

    🎧 Listen tomorrow at: ImpracticalPrivacy.com

    #DigitalPrivacy #Privacy #CyberSecurity #Telecom #Stingray #SS7 #5G #Fediverse

  18. Your phone is a window into your life. Are you sure the world can't see through it? 👀

    Tomorrow, ep.21 of Impractical Privacy.

    We go beyond apps and settings to look at the cellular network itself

    We're talking about:
    📡 IMSI Catchers
    🌐 SS7 Exploits
    📉 The 5G Myth

    The infrastructure was built in an era of trust. That era is over.

    Privacy isn't just a tool; it's a right

    🎧 Listen tomorrow at: ImpracticalPrivacy.com

    #DigitalPrivacy #Privacy #CyberSecurity #Telecom #Stingray #SS7 #5G #Fediverse

  19. Your phone is a window into your life. Are you sure the world can't see through it? 👀

    Tomorrow, ep.21 of Impractical Privacy.

    We go beyond apps and settings to look at the cellular network itself

    We're talking about:
    📡 IMSI Catchers
    🌐 SS7 Exploits
    📉 The 5G Myth

    The infrastructure was built in an era of trust. That era is over.

    Privacy isn't just a tool; it's a right

    🎧 Listen tomorrow at: ImpracticalPrivacy.com

    #DigitalPrivacy #Privacy #CyberSecurity #Telecom #Stingray #SS7 #5G #Fediverse

  20. Your phone is a window into your life. Are you sure the world can't see through it? 👀

    Tomorrow, ep.21 of Impractical Privacy.

    We go beyond apps and settings to look at the cellular network itself

    We're talking about:
    📡 IMSI Catchers
    🌐 SS7 Exploits
    📉 The 5G Myth

    The infrastructure was built in an era of trust. That era is over.

    Privacy isn't just a tool; it's a right

    🎧 Listen tomorrow at: ImpracticalPrivacy.com

    #DigitalPrivacy #Privacy #CyberSecurity #Telecom #Stingray #SS7 #5G #Fediverse

  21. @TimWardCam @neil

    That would be difficult for kids, because it requires lifting the handset, and demonstrating a sense of timing.

    #SS7

  22. @TimWardCam @neil

    That would be difficult for kids, because it requires lifting the handset, and demonstrating a sense of timing.

    #SS7

  23. @TimWardCam @neil

    That would be difficult for kids, because it requires lifting the handset, and demonstrating a sense of timing.

    #SS7

  24. @TimWardCam @neil

    That would be difficult for kids, because it requires lifting the handset, and demonstrating a sense of timing.

    #SS7

  25. @TimWardCam @neil

    That would be difficult for kids, because it requires lifting the handset, and demonstrating a sense of timing.

    #SS7

  26. Эпические баги: как один Break положил телефонную сеть по всему США в 1990 г

    В подразделении, где я работаю, есть традиция - новичку при онбординге вручается ссылка на Wiki с легендарными багами, приведшими к заметным последствиям. Недавно мне пришла в голову идея сделать такую же страницу, но уже со ссылками на Хабр, потому что на русском о багах пишут с бОльшим огоньком. Но, увы, оказалось, что каскадному падению серверов AT&T 15 января 1990 года внимание как-то не уделено. А ведь история получилась, прямо-таки эпическая. Итак, 15 января 1990 года из-за одной строчки кода телефонная сеть AT&T получила 9 часов даунтайма, 70 миллионов несовершенных звонков, а общий убыток насчитали в $60 миллионов еще не инфляционных долларов. И нет, там не было неудачного релиза, развернутого сразу и везде. Все было гораздо интереснее.

    habr.com/ru/companies/beget/ar

    #4ESS #SS7 #эпический_баг #ошибка #каскадный_сбой #телекоммуникации #тестирование #1990 #надёжность

  27. Эпические баги: как один Break положил телефонную сеть по всему США в 1990 г

    В подразделении, где я работаю, есть традиция - новичку при онбординге вручается ссылка на Wiki с легендарными багами, приведшими к заметным последствиям. Недавно мне пришла в голову идея сделать такую же страницу, но уже со ссылками на Хабр, потому что на русском о багах пишут с бОльшим огоньком. Но, увы, оказалось, что каскадному падению серверов AT&T 15 января 1990 года внимание как-то не уделено. А ведь история получилась, прямо-таки эпическая. Итак, 15 января 1990 года из-за одной строчки кода телефонная сеть AT&T получила 9 часов даунтайма, 70 миллионов несовершенных звонков, а общий убыток насчитали в $60 миллионов еще не инфляционных долларов. И нет, там не было неудачного релиза, развернутого сразу и везде. Все было гораздо интереснее.

    habr.com/ru/companies/beget/ar

    #4ESS #SS7 #эпический_баг #ошибка #каскадный_сбой #телекоммуникации #тестирование #1990 #надёжность

  28. Эпические баги: как один Break положил телефонную сеть по всему США в 1990 г

    В подразделении, где я работаю, есть традиция - новичку при онбординге вручается ссылка на Wiki с легендарными багами, приведшими к заметным последствиям. Недавно мне пришла в голову идея сделать такую же страницу, но уже со ссылками на Хабр, потому что на русском о багах пишут с бОльшим огоньком. Но, увы, оказалось, что каскадному падению серверов AT&T 15 января 1990 года внимание как-то не уделено. А ведь история получилась, прямо-таки эпическая. Итак, 15 января 1990 года из-за одной строчки кода телефонная сеть AT&T получила 9 часов даунтайма, 70 миллионов несовершенных звонков, а общий убыток насчитали в $60 миллионов еще не инфляционных долларов. И нет, там не было неудачного релиза, развернутого сразу и везде. Все было гораздо интереснее.

    habr.com/ru/companies/beget/ar

    #4ESS #SS7 #эпический_баг #ошибка #каскадный_сбой #телекоммуникации #тестирование #1990 #надёжность

  29. Эпические баги: как один Break положил телефонную сеть по всему США в 1990 г

    В подразделении, где я работаю, есть традиция - новичку при онбординге вручается ссылка на Wiki с легендарными багами, приведшими к заметным последствиям. Недавно мне пришла в голову идея сделать такую же страницу, но уже со ссылками на Хабр, потому что на русском о багах пишут с бОльшим огоньком. Но, увы, оказалось, что каскадному падению серверов AT&T 15 января 1990 года внимание как-то не уделено. А ведь история получилась, прямо-таки эпическая. Итак, 15 января 1990 года из-за одной строчки кода телефонная сеть AT&T получила 9 часов даунтайма, 70 миллионов несовершенных звонков, а общий убыток насчитали в $60 миллионов еще не инфляционных долларов. И нет, там не было неудачного релиза, развернутого сразу и везде. Все было гораздо интереснее.

    habr.com/ru/companies/beget/ar

    #4ESS #SS7 #эпический_баг #ошибка #каскадный_сбой #телекоммуникации #тестирование #1990 #надёжность

  30. Someone just attempted to activate #Signalapp on my phone number (I received the SMS verification code all the sudden). Even if they would have some #SS7 hack going on where they can get a duplicate of the SMS, I actually do have a registration lock enabled. (*)

    However, it could also be someone making a mistake entering their phone number during setup.

    *) support.signal.org/hc/en-us/ar

  31. Someone just attempted to activate #Signalapp on my phone number (I received the SMS verification code all the sudden). Even if they would have some #SS7 hack going on where they can get a duplicate of the SMS, I actually do have a registration lock enabled. (*)

    However, it could also be someone making a mistake entering their phone number during setup.

    *) support.signal.org/hc/en-us/ar

  32. Someone just attempted to activate #Signalapp on my phone number (I received the SMS verification code all the sudden). Even if they would have some #SS7 hack going on where they can get a duplicate of the SMS, I actually do have a registration lock enabled. (*)

    However, it could also be someone making a mistake entering their phone number during setup.

    *) support.signal.org/hc/en-us/ar

  33. Someone just attempted to activate #Signalapp on my phone number (I received the SMS verification code all the sudden). Even if they would have some #SS7 hack going on where they can get a duplicate of the SMS, I actually do have a registration lock enabled. (*)

    However, it could also be someone making a mistake entering their phone number during setup.

    *) support.signal.org/hc/en-us/ar

  34. Someone just attempted to activate #Signalapp on my phone number (I received the SMS verification code all the sudden). Even if they would have some #SS7 hack going on where they can get a duplicate of the SMS, I actually do have a registration lock enabled. (*)

    However, it could also be someone making a mistake entering their phone number during setup.

    *) support.signal.org/hc/en-us/ar

  35. The year is 2027. Email is #unreliable; little gets past #Gmail filters without a contract to receive your #email. #Governments don't stop it because (a) they have a contract, and (b) they don't understand how email works. Or worked.

    #Tech companies finally realize that #SS7 is #insecure. Phone calls and texts can't be #trusted. Machine-learning-generated ("AI") audio and video means video and voice calls are doubly cursed - too many #FAANG executives have had embarrassing public #failures, falling #victim to the corporate equivalent of the grandparent #scam.

    Few people use #TOTP, because the tech #companies don't promote it, they each call it something else and make it work differently, and they all want you to use their "app" rather than the standard 3-line script that can generate the correct code given a key and the current timestamp. The technically-minded try to educate their relatives and friends as part of the free-tech-support assumption, but no one cares.

    #Account #recovery now involves waiting at home to sign for an envelope delivered by the lowest-cost (and therefore bribe-able) courier to the #registered home address of the account. Millions each year lose their email, #photos, videos, "purchased" digital #content, password vaults, etc because they've moved since they set up the account, or they have a P.O. box and companies don't believe those #exist.

    The #internet is a vast digital #wasteland - wait, a saviour onstage: "Walled Garden-Net!".

    Burn it.

  36. The year is 2027. Email is #unreliable; little gets past #Gmail filters without a contract to receive your #email. #Governments don't stop it because (a) they have a contract, and (b) they don't understand how email works. Or worked.

    #Tech companies finally realize that #SS7 is #insecure. Phone calls and texts can't be #trusted. Machine-learning-generated ("AI") audio and video means video and voice calls are doubly cursed - too many #FAANG executives have had embarrassing public #failures, falling #victim to the corporate equivalent of the grandparent #scam.

    Few people use #TOTP, because the tech #companies don't promote it, they each call it something else and make it work differently, and they all want you to use their "app" rather than the standard 3-line script that can generate the correct code given a key and the current timestamp. The technically-minded try to educate their relatives and friends as part of the free-tech-support assumption, but no one cares.

    #Account #recovery now involves waiting at home to sign for an envelope delivered by the lowest-cost (and therefore bribe-able) courier to the #registered home address of the account. Millions each year lose their email, #photos, videos, "purchased" digital #content, password vaults, etc because they've moved since they set up the account, or they have a P.O. box and companies don't believe those #exist.

    The #internet is a vast digital #wasteland - wait, a saviour onstage: "Walled Garden-Net!".

    Burn it.

  37. The year is 2027. Email is #unreliable; little gets past #Gmail filters without a contract to receive your #email. #Governments don't stop it because (a) they have a contract, and (b) they don't understand how email works. Or worked.

    #Tech companies finally realize that #SS7 is #insecure. Phone calls and texts can't be #trusted. Machine-learning-generated ("AI") audio and video means video and voice calls are doubly cursed - too many #FAANG executives have had embarrassing public #failures, falling #victim to the corporate equivalent of the grandparent #scam.

    Few people use #TOTP, because the tech #companies don't promote it, they each call it something else and make it work differently, and they all want you to use their "app" rather than the standard 3-line script that can generate the correct code given a key and the current timestamp. The technically-minded try to educate their relatives and friends as part of the free-tech-support assumption, but no one cares.

    #Account #recovery now involves waiting at home to sign for an envelope delivered by the lowest-cost (and therefore bribe-able) courier to the #registered home address of the account. Millions each year lose their email, #photos, videos, "purchased" digital #content, password vaults, etc because they've moved since they set up the account, or they have a P.O. box and companies don't believe those #exist.

    The #internet is a vast digital #wasteland - wait, a saviour onstage: "Walled Garden-Net!".

    Burn it.

  38. The year is 2027. Email is #unreliable; little gets past #Gmail filters without a contract to receive your #email. #Governments don't stop it because (a) they have a contract, and (b) they don't understand how email works. Or worked.

    #Tech companies finally realize that #SS7 is #insecure. Phone calls and texts can't be #trusted. Machine-learning-generated ("AI") audio and video means video and voice calls are doubly cursed - too many #FAANG executives have had embarrassing public #failures, falling #victim to the corporate equivalent of the grandparent #scam.

    Few people use #TOTP, because the tech #companies don't promote it, they each call it something else and make it work differently, and they all want you to use their "app" rather than the standard 3-line script that can generate the correct code given a key and the current timestamp. The technically-minded try to educate their relatives and friends as part of the free-tech-support assumption, but no one cares.

    #Account #recovery now involves waiting at home to sign for an envelope delivered by the lowest-cost (and therefore bribe-able) courier to the #registered home address of the account. Millions each year lose their email, #photos, videos, "purchased" digital #content, password vaults, etc because they've moved since they set up the account, or they have a P.O. box and companies don't believe those #exist.

    The #internet is a vast digital #wasteland - wait, a saviour onstage: "Walled Garden-Net!".

    Burn it.

  39. The year is 2027. Email is #unreliable; little gets past #Gmail filters without a contract to receive your #email. #Governments don't stop it because (a) they have a contract, and (b) they don't understand how email works. Or worked.

    #Tech companies finally realize that #SS7 is #insecure. Phone calls and texts can't be #trusted. Machine-learning-generated ("AI") audio and video means video and voice calls are doubly cursed - too many #FAANG executives have had embarrassing public #failures, falling #victim to the corporate equivalent of the grandparent #scam.

    Few people use #TOTP, because the tech #companies don't promote it, they each call it something else and make it work differently, and they all want you to use their "app" rather than the standard 3-line script that can generate the correct code given a key and the current timestamp. The technically-minded try to educate their relatives and friends as part of the free-tech-support assumption, but no one cares.

    #Account #recovery now involves waiting at home to sign for an envelope delivered by the lowest-cost (and therefore bribe-able) courier to the #registered home address of the account. Millions each year lose their email, #photos, videos, "purchased" digital #content, password vaults, etc because they've moved since they set up the account, or they have a P.O. box and companies don't believe those #exist.

    The #internet is a vast digital #wasteland - wait, a saviour onstage: "Walled Garden-Net!".

    Burn it.

  40. [Перевод] Хороший, Плохой, Расширенный: SS7 атака с использованием расширенных тэгов

    Есть два типа операций в SS7, друг мой: безобидные... и те, что держат револьвер... ... Это, конечно, утрирование. Однако, как и герои спагетти-вестернов, операции в SS7 предстают перед нами в полном своем разнообразии и глубине, и иногда их сложно распарсить, а главное - обработать безопасно для абонента. Неверная обработка операций (команд) в SS7 (они же PDUs), несет за собой серьезные риски и потенциально может привести к угрозам уровня уязвимостей нулевого дня, открывая широкий спектр возможных атак.

    habr.com/ru/articles/982196/

    #ss7 #asn1 #сетевые_атаки #tcap #сигнальные_протоколы

  41. [Перевод] Хороший, Плохой, Расширенный: SS7 атака с использованием расширенных тэгов

    Есть два типа операций в SS7, друг мой: безобидные... и те, что держат револьвер... ... Это, конечно, утрирование. Однако, как и герои спагетти-вестернов, операции в SS7 предстают перед нами в полном своем разнообразии и глубине, и иногда их сложно распарсить, а главное - обработать безопасно для абонента. Неверная обработка операций (команд) в SS7 (они же PDUs), несет за собой серьезные риски и потенциально может привести к угрозам уровня уязвимостей нулевого дня, открывая широкий спектр возможных атак.

    habr.com/ru/articles/982196/

    #ss7 #asn1 #сетевые_атаки #tcap #сигнальные_протоколы

  42. [Перевод] Хороший, Плохой, Расширенный: SS7 атака с использованием расширенных тэгов

    Есть два типа операций в SS7, друг мой: безобидные... и те, что держат револьвер... ... Это, конечно, утрирование. Однако, как и герои спагетти-вестернов, операции в SS7 предстают перед нами в полном своем разнообразии и глубине, и иногда их сложно распарсить, а главное - обработать безопасно для абонента. Неверная обработка операций (команд) в SS7 (они же PDUs), несет за собой серьезные риски и потенциально может привести к угрозам уровня уязвимостей нулевого дня, открывая широкий спектр возможных атак.

    habr.com/ru/articles/982196/

    #ss7 #asn1 #сетевые_атаки #tcap #сигнальные_протоколы

  43. [Перевод] Хороший, Плохой, Расширенный: SS7 атака с использованием расширенных тэгов

    Есть два типа операций в SS7, друг мой: безобидные... и те, что держат револьвер... ... Это, конечно, утрирование. Однако, как и герои спагетти-вестернов, операции в SS7 предстают перед нами в полном своем разнообразии и глубине, и иногда их сложно распарсить, а главное - обработать безопасно для абонента. Неверная обработка операций (команд) в SS7 (они же PDUs), несет за собой серьезные риски и потенциально может привести к угрозам уровня уязвимостей нулевого дня, открывая широкий спектр возможных атак.

    habr.com/ru/articles/982196/

    #ss7 #asn1 #сетевые_атаки #tcap #сигнальные_протоколы

  44. Privacy Cell warnt vor unsicheren 2G/3G-Netzen (SS7-anfällig) & IMSI-Catchern – checkt deine Mobilfunkprotokolle für mehr Sicherheit! 📱🔍 Open-Source-App auf F-Droid. f-droid.org/en/packages/com.st #Privacy #FOSS #Datenschutz #SS7
    #MeeMeep xD