ss7 is only one access vektor of killchain.this comapny and thier solutions is infect iphone and android telephone.the cirkles solution is put at telekom headquarters thanks to autocratic goverment for spying. cirkles become authorised SS7 sender or recipient because acting like telco at telco access point{no need rogue access if u are telco}SS7 can tell target is in country or target is in other county but on national telekom network {in instanse, german company t-mobile has network in france}. once confirm target is in country, attacker has many option - most common is ask target phone where is located (baseband processor: not detect by target}, intercept phone call {not detect}, intercept text message {not detect -- uses for two faktor authroisation intersept}, send target message that looks like friend sent it {with viruss link}.[1]telekom in western country do not accept SS7 from eastern country where target does not currently travel.this is old SS7 attack and many commercial SS7 firewall to prevent attack[2]. femtocell is other cirkles product when close access require becaus no telekom access or for secret polise unit. same funktion. when attacker cant use cell network{because target is opsec} cirkles use information leak from many secure message platform. message is encrypt, but target metadata is not encrpyt, and can enumerated from secure message provider {e2e platforms is good encrypt, but bad privacy opsec.} cirkles know when target online, if target read message, when target typing, etc etc etc. more this information good for more targeting for NS0 grupo {email virus, secure message virus, sexy girl, new job, parcel delivery, etc etc etc}