> Can you elaborate? SS7 is signaling. You can't request a Telecom provider to just start send you all someones calls and texts via SS7.
I was simplifying, but how roaming works is that on every call a mobile number from the visited network is assigned to the SIM, and the host network is instructed to send the call there; in the case of an attacker I expect them to be able to use this mechanism to send calls anywhere they want.
They could also most likely fake USSD which is I believe used behind the "Call forwarding" toggle in your phone's settings.
There are plenty of SS7-related demos & presentations posted here on HN, I suggest you use the search and find them, the people making those have much more experience than me in the field and you're better off with then rather than my half-assed explanations, but the point is, call and text interception is possible, among other nasty things (silently tracking a phone' approximate location, DoS, etc).
I was simplifying, but how roaming works is that on every call a mobile number from the visited network is assigned to the SIM, and the host network is instructed to send the call there; in the case of an attacker I expect them to be able to use this mechanism to send calls anywhere they want.
They could also most likely fake USSD which is I believe used behind the "Call forwarding" toggle in your phone's settings.
There are plenty of SS7-related demos & presentations posted here on HN, I suggest you use the search and find them, the people making those have much more experience than me in the field and you're better off with then rather than my half-assed explanations, but the point is, call and text interception is possible, among other nasty things (silently tracking a phone' approximate location, DoS, etc).