Philippe Langlois, Founder & CEO of P1 Security, will present at the 25th general meeting of MAAWG, the Messaging Anti-Abuse Working Group, in Berlin, Germany, 5 – 7 June 2012. Phil will deliver a presentation titled, “Telecom Signaling Security: Balancing protection levels in Core Networks from SS7 to LTE.”
From SMS spam to full-fledged fraud, Telecom is used to deal with Fraud and attacks, and to respond to these issues using Fraud Management Systems (FMS, antispam for SMSC and many other methods. Now, the landscape has changed. Attackers are becoming increasingly aggressive to the point where FMS and traditional anti-fraud systems are not efficient anymore and now use techniques that, if successful, could bring the telecom or mobile network operator to its knees. We’ve seen nationwide DoS and outages with targeted attacks on HLR or MSCs, crashed MGW, SS7 DoS at the SCCP, TCAP and MAP level, several down days of SMS service, crashed Network Elements due to faulty SIGTRAN stacks and even full dumps of SIM cards complete with IMSI and Ki available for sale in the underground forums.
These attacks are now everywhere, regardless of the technology, whether it Is legacy SS7, IMS or NGN network all the way to full IP with BICC, VoIP SIP with its many variants and RTP; up Femtocell access protocols and LTE S1AP, X2AP and Diameter. Everything boils down to facing attacks that you must prevent proactively, because if you’re vulnerable and they strike, you’re already as good as dead: service downtime, stolen data, improper access and increasingly disturbing creativity from attackers. The threat environment shows that the monetization of telecom-related vulnerabilities is mature and much more evolved than traditional stolen-VoIP resellers. We’ll see how we can make sure to address these problems before they occur and how to build an ecosystem that can provide an adapted response to these new and ever changing threats and attacks.
Paris, France, 12 April 2012 – P1 Security is a lead organizer and host of Hackito Ergo Sum 2012, a leading International Security conference bringing security experts from all corners of the world to a leading security event in Europe. This 3rd Edition brings renowned security experts for three days of highly technical security talks and roundtable sessions that bring together hackers, security experts, security vendors and members of public administrations to discuss leading topics. Attendees will try to anticipate the short term global challenges of 2012 by taking a deep dive into the findings of security researchers around the globe.
Moscow, Russia, 30 March, 2012 – Fyodor Yarochkin (security analyst with P1 Security) and Vladimir Kropotov will present research entitled, “Trends of network attacks, caused by the actions of active users: honest and dishonest monetization of free resources.” The discussion will focus on risks and consequences associated with trying to find users on the Internet who download for free books, music, video drivers, software updates, etc. The discussion will include examples of sites and analysis of the geographical location of these resources, some of which are offshore. It will show documented information security systems that provide examples of user data, which is then monetized, including through mobile phones, and also examples of the behavior of users whose money is utilized by the owners of these resources.
Heidelberg, Germany, 20th March, 2012 – Philippe Langlois of P1 Security will deliver a talk titled “Assault on the GRX (GPRS Roaming eXchange) from the Telecom Core Network perspective, from 2.5G to LTE Advanced” at Troopers 2012, an IT security event focused on high end security education. Phil will speak on Telco Security Day, an exclusive, closed event that gathers researchers and practitioners from the Telco and mobile security fields.
“We’ll see how this infrastructure is protected and can be attacked, and we’ll discover the issues with the specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see its implication with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several typical vulnerabilities that we will be showed in this speech.” – Philippe Langlois
ZeroNights 2011
Saint Petersburg, Russia, 25th November 2011 – Philippe Langlois of P1 Security will be presenting about 3G and LTE insecurityat DefCon Russia’s ZeroNights, a conference devoted to technical aspects of informational security featuring talks from world-famous experts coming from Russia, the USA, India, Singapore and France.
“The HLR is not only using TCP/IP for OAM and business workflow but also now being named an HSS, it uses IP-only protocols such as Diameter for its Core Network signaling operations. This means that telecom are now facing new security risks both in term of exposure of and threats to its Core Network being exposed to unsophisticated IP-centered attackers and the continuous waves of telecom-centered defrauders. In this presentation, we’ll demo the new technologies of 3G and LTE networks and how to attack and defend them. We’ll also show what kind of exposure telecom companies, Mobile Network Operators and SS7 providers show to external attackers.” – Philippe Langlois.
Philippe Langlois of P1 Security presented to an audience of 200+ executives from telecom, banking, government and industry at the Malaysian Communications And Multimedia Commission in October this year.
This was the third event in the Network Security Industry Talk 2011 Series organized by the Malaysia Regulator (MCMC) in collaboration with HITB. The event is hosted by SKMM, the Network Security Center of MCMC.
P1 Security will be presenting at the HITBSecConf on Attacking The GPRS Roaming eXchange (GRX).
In this presentation, we’ll see how GRX/GPRS infrastructure is protected and how it can be attacked. We’ll discover the issues with specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see the implications of this with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several vulnerabilities that we will be showing in this speech.
We will demo some of the attacks on a simulated “PS Domain” network, that is the IP part of the Telecom Core Network that transports customers’ traffic, and investigate its relationships with legacy SS7, SIGTRAN IP backbones, M2M private corporate VPNs and telecom billing systems. We will also seem how automation enable us to succeed at attacks which are hard to perform and will show how a “sentinel” attack was able to compromise a telecom Core Network during one penetration test.
P1 Security will be presenting a conference at Hack.lu 2011 on Denial of Services in Telecom operators and infrastructures, Banks and Internet Applications. We’ll present real world example and new techniques of how DoS is conducted in 2011. This is not about DDoS, botnet and zombies. We will focus on new attacks that target Telecom operators, ISPs, Banks and important applications. Sadly there are many simple ways to take down telecom, banking and internet infrastructure. We will present some generalized approach to these new form of Denial of Service and tools / examples. There will be notably some example of Denial of Service in NGN, LTE Advanced as well as in legacy SS7. Some demo and examples of our QuantSS7 tools will be presented as well as demo of PTA for Availability.
On may 5th, at Hotel Intercontinental Paris, P1 Security will present the current state of intrusions in telecom environments, from the big Mobile Network Operator down to the simple company with iPBX or even just using another provider for VoIP. The event is organized by CNIS Mag.
P1 Security will be one of the speaker on the 28th of April 2011 for the round table on Digital Self Defence. Focusing on the notion of retaliation, what is allowed by law? What are the current practices? Can we have a glimpse on the future?
Philippe Langlois will present there how Telecom industry and large corporation on the Internet defend actively their perimeters and respond to offenses. This event will take place at the European Circle for Security of Information Systems, Pavillon Cambon-Capucines, 46 rue Cambon 75001 Paris.
For more information:
http://www.lecercle.biz/Portals/3/secured/agendaevent.aspx?f_id_event=36
P1 Security’s Philippe Langlois will be Keynote Speaker at Italian Security Summit, Milano, Italy on the 16 of March. Talking about the security dynamics of IT, Internet and Telecom security, Philippe will give an insight on subterranean dynamics that drive the fraud and attackers and on the other hand the security industry. Come meet us.
Also, Philippe will give with its partner @Mediaservice’s top security expert Raoul Chiesa a private briefing on Telecom security and frauds, with specific insights on how current security teams combat upcoming fraud and Telecom Advanced Persistent Threats. Register by contacting us with you organization and contact details.
P1 Security will be present on Mobile World Congress 2011 in Barcelona, Spain from 16th to 17th of February at Megapay’s booth No. 2.1D68, Hall 2-1. We will make an annoucement there of the great news that are happening for us.
This GSMA event is the most important for the telecom industry, come and meet us to discuss our products in the telecom security assessment, audit and risk rating.
Stay connected, register on our mailing list or contact us.
Philippe Langlois will present a workshop at Hack.LU 2010 conference in Luxembourg on SS7 Security called “SS7 and Telecom Core Network Weaknesses, Attacks and Defenses” on Wednesday 27.10.2010.
In this workshop, we propose to make people practice SS7 message creation, injection and network topology understanding. We will see what kind of vulnerabilities affect SS7 and Telecom signaling networks, how networks are structured and what can be an attack plan on the network. Amongst other things, we will address the case of current attacks performed by a) malicious people with fraud and extortion goals, b) crackers who want to take control of some equipments, c) nation states who want to take control of telecom critical infrastructure for strategic advantages or d) intelligence services who may be interested in silently taking advantage of not well known SS7 structure in order to gain valuable intelligence or perform tactical operations.
This workshop mixes limited theory and practice, using open source tools as well as closed source systems.
Attendees to this workshop must ideally come with their own laptop (Windows or Linux), a good understanding of Networking and TCP/IP. All telecom-specific terms will be explained during the workshop. Max 15 people.
Philippe Langlois will be talking at HES2010 about “Getting in the SS7 kingdom: hard technology and disturbingly easy hacks to get entry points in the walled garden” from 5pm to 6pm at MdO conference center in Paris. This talk will cover entry point discovery to real-world telecom signaling network and following exploitation using SS7 and SIGTRAN attacks to inject signaling into the Core Network of an operator. The talk will explain how critical and difficult it is to obtain a good perimeter monitoring on the SS7 and Signaling external side as well as on the internal signaling Core Network, be it Packet or Switched-oriented.
