Skip to content(if available)orjump to list(if available)

How First Wap tracks phones around the world

How First Wap tracks phones around the world

12 comments

·October 15, 2025
Visit

rikafurude21

At some point you have to wonder how privacy and security wasnt a factor at all in the minds of engineers designing these systems- it has to be intentional, right? Did no one stop to consider how the system theyre building could be abused against the general public? Did they just not care?

CharlesW

> At some point you have to wonder how privacy and security wasnt a factor at all in the minds of engineers designing these systems- it has to be intentional, right?

Yes. SS7 is a half-century old, designed for a world of state telecom monopolies and a handful of tightly-peered carriers. The threat model could safely assume that only vetted operators could connect. It's unlikely that anyone involved believed that SS7 would still exist in 2000, much less 2025.

https://www.eff.org/deeplinks/2024/07/eff-fcc-ss7-vulnerable...

decimalenough

Almost as crazy as email and HTTP being designed without encryption, amirite?

SS7 dates from the early 1980s, as do SMTP (1981) and HTTP (1989). In all three cases people build the simplest thing that works and then hacked on it as new requirements arose. The main problem is that the telco world is very conservative and closed-source, so while we've had HTTPS and encrypted IMAP etc for a while now, SS7 hasn't gotten similar upgrades.

null

[deleted]

defrost

It starts as a shoehorn to solve a relatively (initially at least) uncommon bridging problem.

Later such things are grandfathered in having never been properly designed or funded for security, etc.

  Signalling System 7, or SS7, is a decades-old set of protocols that allows phone networks to communicate with one another, routing messages and calls across borders.

  It was never designed with security in mind, and while operators have moved to more secure evolutions with 4G and 5G, they still need to maintain backwards compatibility with SS7. This is likely to remain the case for years if not decades to come.

  Phone networks need to know where users are in order to route text messages and phone calls.

  Operators exchange signalling messages to request, and respond with, user location information. The existence of these signalling messages is not in itself a vulnerability.

  The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose.

hsbauauvhabzb

I doubt it’s the engineers. They just build what someone else has requested, they can provide suggestions and suggestions can be ignored.

ewuhic

They were and still are dumb and naive. This comment is going to be downvoted.

rangerelf

You're not wrong.

I've seen so many things announced that make me ask myself "But, why?".

bendouglas

Is there anything a common person can do to help reduce the likelihood of their phone being tracked via SS7? (other than not carrying a phone or disabling the mobile network)

numpad0

dupe: https://news.ycombinator.com/item?id=45584498

baobun

related, not dupe

octagons

SS7 strikes again!