> The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose
'Fun' fact: "other networks" includes all foreign networks with a roaming partnership. It's possible to abuse SS7 to track people across borders, from half the world away.
> it’s more than that. it’s any device that can present itself as a possible base station.
can you elaborate on this a bit? what devices are able to to present themselves as possible base stations? do i need any form of entitlement to participate in the network or not? From past encounters with SS7 and its, uhm, capabilities, it seemed the hardest part would be getting access to the network, albeit not hard really, it sounds like you were hinting at possibly gaining access by participating in the network without any official entitlement, by posing as a base station.
I believe he is referring to femtocells which have (are ?) given freely to end users who need cellular signal boosting, etc.
Many of these femtocells, historically, could be trivially altered or updated to participate as literal peers on SS7.
I haven't looked into this for many years but there was a time when operating a certain femtocell granted the owner an enormous amount of leverage on the global telecom network ...
'Fun' fact: "other networks" includes all foreign networks with a roaming partnership. It's possible to abuse SS7 to track people across borders, from half the world away.