TLDW: they didn’t “hack” the actual phone, they just used someone who has unfettered access to SS7 to reroute/bridge a network deviceid and takeover for another registered device. It’s something governments do, not some random script kiddie.

It’s kiiiinda babytown frolics if you have the money and connections already, but I guess this is informative for people who don’t know how it works by now. It’s like saying you “hacked” the car dealership by stealing the keys to a car and driving off with it. You just stole a car.

https://www.eff.org/deeplinks/2024/07/eff-fcc-ss7-vulnerable-and-telecoms-must-acknowledge