Security Consulting and Expertise for Telecom and Mobile Operators

Telecom Signaling Security Consulting

The telecom infrastructure is opening with Value Added Services provided by third parties, growing Signaling Interconnects and expansion of attack vectors and entry points through new services such as Femto Cells access networks or 3G convergent services integrated with tcp/ip.
Due to the opening of the telecom world to an ever growing set of business partners and customer services, new threat are on the rise.
Few telecom companies have a real understanding of the risks linked to their Telecom Signaling network and the new connections between their Core Network and the Internet.
P1 Security helps telecom and mobile operators assess and analyze their security in their core network and signaling perimeters.

Consulting Missions

  • SS7 and SIGTRAN Penetration testing
  • Telecom configuration audit
  • SS7 Interconnect security analysis
  • 3G protocol and configuration security audit
  • Telecom Network Elements vulnerability analysis
  • SS7 and SIGTRAN Network security architecture
  • Femto-cell access network security audit
  • Telecom product analysis
  • SS7 external information gathering
  • SMS / MMS fraud audit, SIM & AuC leakage audit
  • Management & OAM attacks
  • VAS and IN services analysis
  • SIGTRAN adaptation layers configuration audit
  • VPN, ATM, AAL telecom access network audit
  • Equipment and protocol reverse engineering

Technical area of expertise


  • Low-level SS7 protocols



  • M3UA, M2PA, M2UA
  • IUA, SUA, V5UA
  • H248, Megaco
  • Q.1902.1/Q.2150.3


Access networks

  • ATM and AAL
  • A, A Bis interfaces O&M
  • OML, LMT, Integrated OAM
  • MML console


3G, UMTS and Femto Cell

  • IuCS, IuPS interfaces


Network Elements

  • STP, MGW
  • IN, CAMEL and VAS
  • FMS, LIG
  • SG, AS, ASP, SN


Legacy equipment

  • X25, XOT, VTAM
  • VX, FPGA-based equipment




Equipments and Technologies

P1 Security experts use method and tools to audit any kind of Telecom signaling environment.
In the previous missions, we have successfully delivered missions within the following vendor environments:
Acision, Acterna, Adventnet, Alcatel-Lucent, Anritsu, Apertio, Asterisk, Cisco, CMG, Comverse, Cyrpack, DataKinetics, Digital, Ericsson, HP, Huawei, IBM, Logica, Marconi, Motorola, Nokia, Nortel, NSN, Siemens, Squire, Sysmaster, SS8, Tellabs , Tekelec, Tektronix.

Network Element Audit

Either to check the configuration security of a specific Network Element or to inspect a specific instance of a HSS, a Diameter Agent, a MME, a MSC or a STP, P1 Security conducts missions specific to only one Network Element. Some of these mission can be extremely specific such as for example determining illegal usage of Legal Interception functionnality in switches and systems with many level of depth. In this case for example, this goes from lowest to hardest level in the following manner: level 1: audit of interception list, level 2: audit of configuration of the interception part, level 3: audit of interception interfaces and network traffic, level 3: legal interception software audit and backdoor identification. As for this mission example, we can spend anywhere between 1 week and 2 month on the same equipment-related mission depending on the goal of the customer.