Skip to content

T1430.002 Impersonate SS7 Nodes

Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.65142

By providing the victim’s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device’s geographical cell area or nearest cell tower.6

Item Value
ID T1430.002
Sub-techniques T1430.001, T1430.002
Tactics TA0035, TA0032
Platforms Android, iOS
Version 1.1
Created 05 April 2022
Last Modified 20 March 2023

Procedure Examples

ID Name Description
S0602 Circles Circles can track the location of mobile devices.7


ID Mitigation Description
M1014 Interconnection Filtering Filtering requests by checking request origin information may provide some defense against spurious operators.3


ID Data Source Data Component
DS0029 Network Traffic Network Traffic Flow