SS7 access now sold to the public on Tor

According to a recent article from The Verge, services using SS7 vulnerabilities, as well as a full unlimited SS7 connection, are now available for sale to anyone on Tor, .

While geolocation services have long been sold on a per query basis by companies like Verint or Circles, these companies were making a legitimate effort to sell exclusively to law enforcement agencies.


The Tor website at the address zkkc7e5rwvs4bpxm.onion however is selling not only geolocation queries, but also the ability to perform SMS interception or call interception, and these services are available to anyone with a credit card (and who can find the website), law enforcement or not.

According to Thomas Fox-Brewster, journalist for Forbes who covers issues around security and privacy, including SS7 vulnerabilities, and who interviewed the owner of this site some time ago, the services offered may not exist though, and the purpose of the site may simply be to scam buyers.

If the service offered is real however, this newest development could explain why we are now seeing SS7 attacks conducted by hackers for profit, such as the recent SMS intercept attacks in Germany, since this type of website would take the art of obtaining usable SS7 connections out of the equation for criminals.