Briefly, the mobile network knows how to get messages and calls to your phone because your phone registers with the network and says where it is. If a rogue device pretends to be your phone (all that's needed is the number), calls and messages can be routed to the new device.
It's discussed here;
and in more detail in Tobias Engel's 2014 paper SS7: Locate. Track. Manipulate.
The updateLocation message is used to update the subscriber’s location in the
network. It informs the network of which VLR/MSC the subscriber is currently
Using a fake updateLocation message the attacker claims that the victims MS is
connected to their MSC. In this case, the subscriber SMSs will be forwarded to the
attacker’s SMS center to be delivered to the MS. (Engel, 2014, p42) In addition to
intercepting personal SMSs of the target, this attack can be used against authentication
systems that utilize SMS verification (SMS token, Facebook verification, etc.) and could
lead to the compromise of the target’s identity.
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat
Spiders on coffee - Badass spiders on drugs
Edited by caffn8me (Fri 27-Jan-17 15:45:40)