Abstract; As we can see, most mobile operators defend their SS7 perimeter by reconfiguring network equipment and implementing SMS Home Routing solutions. This is the right way to withstand basic SS7 attacks, but it is not enough to protect the network. Our research and security audit practice proves that there are possibilities to perform SS7 attacks that bypass this kind of security mechanisms. Moreover, real attacks tend to be more stealthy and difficult to detect at an early stage. That is why we reckon mobile operators should engage continuous security monitoring of external SS7 connections supported by upto-date vulnerability base. In this talk, I will describe the most interesting attacks on SS7 networks that have never been published before. Keywords: SS7, Security, Location tracking, SMS interception. 1 Introduction The “walled garden” paradigm is outdated. Nearly all operators now admit that attackers have penetrated SS7 (Signaling System 7) networks by expl