Impersonate SS7 Nodes - T1430.002 (0f4fb01b-d57a-4375-b7a2-342c9d3248f7)
Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport)
By providing the victim’s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device’s geographical cell area or nearest cell tower.(Citation: Engel-SS7)
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Impersonate SS7 Nodes - T1430.002 (0f4fb01b-d57a-4375-b7a2-342c9d3248f7) | Attack Pattern | Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | 1 |