LIVE SS7 PROBE · REAL CARRIER DATA

Your carrier knows where you are.
Does anyone else?

Real-time SS7 signalling tests via 200+ global titles across 37+ countries. Find out in 60 seconds if your phone number is exposed to routing queries, IMSI leakage, or location tracking attacks.

Simple step-by-step check →

ENDADENOSV
200+Global Titles
37+Countries covered
1M+Lookups completed
60sResults in seconds
The process

How the check works

We probe your carrier's network from the outside — exactly as an adversary would — using our own signalling infrastructure across multiple countries.

01
Enter your number

Provide your full international mobile number (e.g. +45 12 34 56 78). No SIM card, no app, no installation required.

02
We probe the SS7 layer

Our global titles send live MAP protocol queries to your carrier's HLR from multiple international origins, measuring exactly what data is exposed to outside parties.

03
Instant results + report

You receive a clear risk rating — routing exposure, IMSI status, SMS home-routing protection, and carrier security posture. Full assessment includes a PDF report.

Try it now

Check your number

Live test · results in under 60 seconds

€1 Quick Check Multi-origin live probe
€45/mo Full Assessment Unlimited + PDF report

Min. €5 deposit for pay-per-lookup · €45/mo for unlimited checks and PDF reports

Pricing

Choose your level of insight

Whether you want a quick exposure snapshot or a full MAP assessment, we have a tier for your needs.

€1 / lookup
Quick SS7 Check

A live single-run probe of your mobile number against our signalling infrastructure. Immediate answer: is your carrier leaking your routing data to outside queries?

  • Multi-origin SS7 probe from different countries
  • Routing exposure detection (SRI/HLR response)
  • SMS home-routing protection check
  • IMSI exposure indicator
  • Carrier network fingerprint (MCC/MNC)
  • Instant pass/fail risk rating
  • Min. €5 prepaid balance required
€45 / month
Full Security Assessment

Unlimited checks for 30 days across all available MAP operations. Includes a complete written PDF assessment of your carrier's SS7 security posture and all exposed attack surfaces.

  • Everything in Quick Check
  • Unlimited checks on any MSISDN for 30 days
  • Full MAP protocol test suite (12+ operations)
  • Deep bypass and home-routing analysis
  • IMSI, location, and identity traceability report
  • PDF assessment report with carrier findings
  • Historical data comparison
  • Priority access to new test origins

Also accept Bitcoin · Cancel anytime

Test coverage

What we look for

Every check runs live against your carrier's Home Location Register and MAP protocol layer from multiple foreign-origin global titles.

Routing Exposure

Does your carrier return routing data (MSC address, serving network) to unauthenticated external queries? Direct exposure enables real-time location intelligence.

🪪
IMSI Leakage

Is your permanent subscriber identifier (IMSI) returned in SRI-SM responses? IMSI leakage is a precondition for SIM cloning, IMSI catchers, and interception attacks.

📡
SMS Home-Routing Bypass

Does your carrier's SMS home-routing system correctly mask IMSI and routing information, or can it be bypassed from specific origins to reveal the underlying network node?

📍
Location Traceability

Can an external party determine your approximate location — country, city, serving cell — using MAP operations such as PSI (Provide Subscriber Info) or ATI?

🛡️
Carrier Firewall Assessment

We evaluate the effectiveness of your carrier's SS7 firewall across multiple operation classes and origins, identifying gaps in their inter-operator signalling protection.

Home-Routing Verification

For carriers deploying SMS home-routing, we verify that the protection is properly implemented and that masked IMSI responses are correctly returned across all tested origins.

200+ Global Titles. 37+ Countries.

Our signalling infrastructure spans tier-1 and tier-2 carriers across Europe, Asia, North America, the Middle East, and beyond — ensuring multi-origin, multi-hop test coverage no single carrier can simply block.

🇩🇰 Denmark 🇩🇪 Germany 🇳🇱 Netherlands 🇸🇬 Singapore 🇺🇸 USA 🇬🇧 UK 🇦🇪 UAE 🇭🇰 Hong Kong + 29 more
Trusted infrastructure

Built by telecom security specialists

GSM Security is powered by LBS INT — a telecom security research company operating live SS7 assessment infrastructure used by tier-1 carriers and national security teams. Our live map of carrier vulnerabilities at GSMmap covers 350+ networks worldwide.

Real SS7 infrastructure, no simulated data
Results in under 60 seconds
Live data from 350+ assessed networks
Encrypted, anonymous, no data retention
Pay by card or Bitcoin
Questions

Frequently asked

SS7 (Signalling System No. 7) is the global protocol suite that connects mobile networks. It was designed in the 1970s with no authentication, and despite decades of known vulnerabilities, most carriers worldwide still expose raw SS7 interfaces to hundreds of interconnected partners. An attacker with SS7 access can query your carrier to determine your approximate location, intercept SMS messages (including two-factor authentication codes), and track your movements — all without needing physical access to your device.
A basic HLR lookup confirms whether a number is active and returns its current network. Our SS7 check goes significantly further: we probe from multiple global title origins (200+) across different countries, test multiple MAP operations, assess SMS home-routing protection, check for IMSI leakage, evaluate bypass possibilities, and compile a complete carrier security posture. We're testing what an adversary could actually do, not just confirming the number exists.
Yes. You have the right to understand how your own mobile number is exposed within the global signalling infrastructure. Our tests are passive queries — we observe what data is returned when your number is queried from external signalling nodes. This is exactly what any SS7-connected party could do. You are entitled to know your own exposure level. Testing numbers you do not own or have explicit authorisation for is not permitted.
The Full Assessment PDF covers: executive summary of carrier security posture, per-operation MAP test results (SRI-SM, ATI, PSI, UL, ISD, SendIdentification, PurgeMS, USSD paths and more), IMSI and routing data exposure analysis, SMS home-routing protection evaluation, bypass vulnerability assessment, comparison to our global carrier database, and actionable recommendations you can share with your carrier's security team.
SS7 firewalls vary enormously in quality. Many carriers have deployed basic filtering that blocks the most obvious queries but remain vulnerable to traffic originating from "trusted" partner networks, less common MAP operations, or queries routed via intermediary carriers. Our 200+ global titles cover a wide range of network relationships, giving a realistic picture of what gets through — including from origins that a carrier's firewall may consider trusted.
We accept all major credit and debit cards via Stripe (Visa, Mastercard, American Express) and Bitcoin. BTC payments are confirmed on-chain and credited to your account automatically. All payment processing is handled securely — we never store card numbers.
Get started

Find out what your carrier is leaking about you

It takes 60 seconds. No app, no install, no SIM card required.

Minimum €5 deposit for Quick Checks · Full Assessment billed monthly · Cancel anytime · Bitcoin accepted