P1 Security

Saint Petersburg, Russia, 25th November 2011 – Philippe Langlois of P1 Security will be presenting about 3G and LTE insecurity at DefCon Russia’s ZeroNights, a conference devoted to technical aspects of informational security featuring talks from world-famous experts coming from Russia, the USA, India, Singapore and France.

“The HLR is not only using TCP/IP for OAM and business workflow but also now being named an HSS, it uses IP-only protocols such as Diameter for its Core Network signaling operations. This means that telecom are now facing new security risks both in term of exposure of and threats to its Core Network being exposed to unsophisticated IP-centered attackers and the continuous waves of telecom-centered defrauders. In this presentation, we’ll demo the new technologies of 3G and LTE networks and how to attack and defend them. We’ll also show what kind of exposure telecom companies, Mobile Network Operators and SS7 providers show to external attackers.” – Philippe Langlois.

Philippe Langlois of P1 Security presented to an audience of 200+ executives from telecom, banking, government and industry at the Malaysian Communications And Multimedia Commission in October this year.
This was the third event in the Network Security Industry Talk 2011 Series  organized by the Malaysia Regulator (MCMC) in collaboration with HITB. The event is hosted by SKMM, the Network Security Center of MCMC.

P1 Security will be presenting at the HITBSecConf on Attacking The GPRS Roaming eXchange (GRX).

In this presentation, we’ll see how GRX/GPRS infrastructure is protected and how it can be attacked. We’ll discover the issues with specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see the implications of this with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several vulnerabilities that we will be showing in this speech.

We will demo some of the attacks on a simulated “PS Domain” network, that is the IP part of the Telecom Core Network that transports customers’ traffic, and investigate its relationships with legacy SS7, SIGTRAN IP backbones, M2M private corporate VPNs and telecom billing systems. We will also seem how automation enable us to succeed at attacks which are hard to perform and will show how a “sentinel” attack was able to compromise a telecom Core Network during one penetration test.

Real-time Visualization and Analytics bring revolution in Telecom Security and Fraud Management with P1 Security and Picviz Labs

PARIS, 5th October, 2011 – P1 Security, the pioneering telecom security company offering unique security scanning and monitoring solutions and Picviz Labs, the leader in visual investigation for large data, today announced their technology partnership to make available Picviz’s real-time visualization and analytics capabilities as part of P1 Security’s unique telecom network security audit, vulnerability and monitoring solutions, P1 Telecom Auditor and P1 Telecom Monitor.

Read more…

P1 Security will be presenting a conference at Hack.lu 2011 on Denial of Services in Telecom operators and infrastructures, Banks and Internet Applications. We’ll present real world example and new techniques of how DoS is conducted in 2011. This is not about DDoS, botnet and zombies. We will focus on new attacks that target Telecom operators, ISPs, Banks and important applications. Sadly there are many simple ways to take down telecom, banking and internet infrastructure. We will present some generalized approach to these new form of Denial of Service and tools / examples. There will be notably some example of Denial of Service in NGN, LTE Advanced as well as in legacy SS7. Some demo and examples of our QuantSS7 tools will be presented as well as demo of PTA for Availability.

 

On may 5th, at Hotel Intercontinental Paris, P1 Security will present the current state of intrusions in telecom environments, from the big Mobile Network Operator down to the simple company with iPBX or even just using another provider for VoIP. The event is organized by CNIS Mag.

P1 Security has developped its product to be compatible with both IPv4 and IPv6, so it’s natural its web site become IPv6 enabled too. From today, you can reach P1 Security’s web site with IPv6, let us know of any problem linked to this change.

Happy easter!

P1 Security will be one of the speaker on the 28th of April 2011 for the round table on Digital Self Defence. Focusing on the notion of retaliation, what is allowed by law? What are the current practices? Can we have a glimpse on the future?

Philippe Langlois will present there how Telecom industry and large corporation on the Internet defend actively their perimeters and respond to offenses. This event will take place at the European Circle for Security of Information Systems, Pavillon Cambon-Capucines, 46 rue Cambon 75001 Paris.

For more information:

http://www.lecercle.biz/Portals/3/secured/agendaevent.aspx?f_id_event=36

P1 Security’s Philippe Langlois will be Keynote Speaker at Italian Security Summit, Milano, Italy on the 16 of March. Talking about the security dynamics of IT, Internet and Telecom security, Philippe will give an insight on subterranean dynamics that drive the fraud and attackers and on the other hand the security industry. Come meet us.

Also, Philippe will give with its partner @Mediaservice’s top security expert Raoul Chiesa a private briefing on Telecom security and frauds, with specific insights on how current security teams combat upcoming fraud and Telecom Advanced Persistent Threats. Register by contacting us with you organization and contact details.

After NASDAQ hacks, infrastructure security gets more focus both from businesses and governements. Longtime considered a “second interest domain” after application security, both CEOs and lawmakers are beginning to understand that once an infrastructure is compromised, the confidence is lost by million of people, and the damage can hit the billion of dollar mark.

Read more…

See how consultants can now use PTA to conduct new security missions regarding SS7 and SIGTRAN networks in their usual customer base.

PTA Consultant Kit aims exactly at this. Telecom Companies and Mobile Network Operators can now get service from known vendors with long standing relationship.

Read more…

P1 Security will be present on Mobile World Congress 2011 in Barcelona, Spain from 16th to 17th of February at Megapay’s booth No. 2.1D68, Hall 2-1. We will make an annoucement there of the great news that are happening for us.

This GSMA event is the most important for the telecom industry, come and meet us to discuss our products in the telecom security assessment, audit and risk rating.

Stay connected, register on our mailing list or contact us.

Philippe Langlois will present a workshop at Hack.LU 2010 conference in Luxembourg on SS7 Security called “SS7 and Telecom Core Network Weaknesses, Attacks and Defenses” on Wednesday 27.10.2010.

In this workshop, we propose to make people practice SS7 message creation, injection and network topology understanding. We will see what kind of vulnerabilities affect SS7 and Telecom signaling networks, how networks are structured and what can be an attack plan on the network. Amongst other things, we will address the case of current attacks performed by a) malicious people with fraud and extortion goals, b) crackers who want to take control of some equipments, c) nation states who want to take control of telecom critical infrastructure for strategic advantages or d) intelligence services who may be interested in silently taking advantage of not well known SS7 structure in order to gain valuable intelligence or perform tactical operations.

This workshop mixes limited theory and practice, using open source tools as well as closed source systems.

Attendees to this workshop must ideally come with their own laptop (Windows or Linux), a good understanding of Networking and TCP/IP. All telecom-specific terms will be explained during the workshop. Max 15 people.

With the growing popularity in Mobile Commerce around the world, the security of the Mobile Payments infrastructures remains a major concern to the industry, carriers, merchants and consumers alike. It is in this light that Megapay is proud to announce a strategic partnership agreement with P1 Security, one of Europe’s leading Telecommunications Security companies.

Megapay, as a part of the Mega Media group of companies, specializes in providing secure and trusted Mobile Payments solutions in the e-commerce and m-commerce space. Launched in March 2010, Megapay is quickly establishing itself as a preferred Mobile Payments solutions partner for mobile network operators and merchants across the globe.

P1 Security was founded by experts in enterprise software and network security services, is dedicated in providing high quality IT security products and services through placing its value in the maturity of security planning and implementation.

The aforementioned partnership will see P1 Security becoming Megapay’s network security partner to ensure the secure operations of Megapay’s payment platforms.

Both Megapay and P1 Security are positioned to break new technical ground in creating, testing and securing the complex processes that will enable a secure mobile payment ecosystem.

Emmanuel Gadaix, Megapay’s Technical Director made the following comments about the partnership: “The security of the underlying telecom infrastructure cannot be taken for granted, particularly when it carries financial data. Mobile Payment systems must ensure strict compliance with security standards and make sure they operate in a secure environment. With this partnership, Megapay and P1 Security will be able to address the security concerns of mobile operators and payment systems providers alike.“

For more information on Megapay please visit: http://www.megapay.com.

For more information on P1 Security please visit: http://www.p1sec.com.

Megapay Corporate Press Release.
Hong Kong, China – August 11th, 2010.