ZeroNights 2011

“The HLR is not only using TCP/IP for OAM and business workflow but also now being named an HSS, it uses IP-only protocols such as Diameter for its Core Network signaling operations. This means that telecom are now facing new security risks both in term of exposure of and threats to its Core Network being exposed to unsophisticated IP-centered attackers and the continuous waves of telecom-centered defrauders. In this presentation, we’ll demo the new technologies of 3G and LTE networks and how to attack and defend them. We’ll also show what kind of exposure telecom companies, Mobile Network Operators and SS7 providers show to external attackers.” – Philippe Langlois.

In this presentation, we’ll see how GRX/GPRS infrastructure is protected and how it can be attacked. We’ll discover the issues with specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see the implications of this with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several vulnerabilities that we will be showing in this speech.

We will demo some of the attacks on a simulated “PS Domain” network, that is the IP part of the Telecom Core Network that transports customers’ traffic, and investigate its relationships with legacy SS7, SIGTRAN IP backbones, M2M private corporate VPNs and telecom billing systems. We will also seem how automation enable us to succeed at attacks which are hard to perform and will show how a “sentinel” attack was able to compromise a telecom Core Network during one penetration test.

PARIS, 5th October, 2011 – P1 Security, the pioneering telecom security company offering unique security scanning and monitoring solutions and Picviz Labs, the leader in visual investigation for large data, today announced their technology partnership to make available Picviz’s real-time visualization and analytics capabilities as part of P1 Security’s unique telecom network security audit, vulnerability and monitoring solutions, P1 Telecom Auditor and P1 Telecom Monitor.

The collaboration between P1 Security and Picviz Labs combines leading research and development in telecom networks and data visualization.  P1 Security’s innovative technologies enable rapid detection of security vulnerabilities and problems across an entire telecom network.  Picviz’s multi-dimensional visualization technology allows customers of P1 Security to analyze their vast dataset in real-time so that fraud entry points, security events and risks can be identified faster and more accurately than ever before.

“Being able to offer the capabilities of Picviz technologies to our customers ensures that we continue to provide the most innovative and advanced solutions to our telecom customers. This helps mature the telecom security domain, which up till now was reasonably isolated and only suffering from incidents of fraud. With new attacks and attackers, new ways to prepare and react to them are needed”, said Philippe Langlois, CEO, P1 Security.

“We are delighted to work with P1 Security to expand the practice of telecom security with our technologies, our research is highly complementary, we see a natural synergy between P1 Security’s expertise in large-scale telecom networks and our expertise in dynamically visualizing events and fraudulent behaviors in this domain. We’ve shown through this partnership that we are able to detect security events and problems much faster than the industry standard, and at such scale compared to traditional technologies of
the IP world which had been considered unfeasible for real-time analysis”, said Sebastien Tricaud, CTO, Picviz Labs.

With P1 Security and Picviz Labs technologies, telecom providers can now deploy high performance security solutions across their networks. Telecom operations, fraud and security staff will gain the capability to manage security risk on a massive scale; helping them avoid incident, network downtime and fraud related costs without any impact to service quality and availability.

About P1 Security

P1 Security is a pioneer of security vulnerability and intrusion detection technologies for telecom networks. P1 Telecom Audit and Monitor are the only solutions available today for the  auditing and monitoring of large scale telecom networks for vulnerabilities and security events. P1 Security was founded in 2009 by Philippe Langlois, former founder of Qualys, INTRINsec, Worldnet and the Telecom Security Task Force (TSTF) research forum. P1 Security’s team includes former executives of Telecom Italia and Neuf Telecom as well as renowned security researchers who present unique P1 Security research at leading international security conferences. P1 Security has also presented numerous times to the Security Group of the GSMA.

http://www.p1sec.com

About Picviz Labs

Founded in 2010, Picviz Labs develops intuitive visualization technologies based on advanced mathematical algorithms and computations, enabling enterprises to simultaneously analyze and investigate massive dataset in real-time. Picviz Labs was founded by Philippe Saadé, graduate mathematician of ENS (Ecole Normale Supérieure) and Sébastien Tricaud, a renowned information security researcher and CTO of the Honeynet Project. Picviz Labs is a Créalys incubation project and winner of France’s OSEO 2010 and 2011 startup contests. Picviz Labs customers include large banks and governmental agencies.

http://www.piciviz.com

P1 Security media contact:
Ed Daniel – ed.daniel@p1sec.com

Picviz Labs media contact:
Thibault Lallement – tlallement@picviz.com

Happy easter!

P1 Security will be one of the speaker on the 28th of April 2011 for the round table on Digital Self Defence. Focusing on the notion of retaliation, what is allowed by law? What are the current practices? Can we have a glimpse on the future?

Philippe Langlois will present there how Telecom industry and large corporation on the Internet defend actively their perimeters and respond to offenses. This event will take place at the European Circle for Security of Information Systems, Pavillon Cambon-Capucines, 46 rue Cambon 75001 Paris.

For more information:

http://www.lecercle.biz/Portals/3/secured/agendaevent.aspx?f_id_event=36

Also, Philippe will give with its partner @Mediaservice’s top security expert Raoul Chiesa a private briefing on Telecom security and frauds, with specific insights on how current security teams combat upcoming fraud and Telecom Advanced Persistent Threats. Register by contacting us with you organization and contact details.

Telecom is exactly in that focus. It’s great when it works, and is supposed to work all the time with careful planning, deployment and testing. But telecom networks are suffering the same path as internet did: from normal operations to hostile conditions where spammers, unidentified attackers potentially backed by countries and fraudsters compete at abusing part of the network.

The resulting network instability, frauds, loss of image, loss of revenue or country-wide network downtime starts now to be seen, without the proper technology to proactively test your network against these risks, monitor the network at low level or conduct forensics. Thus the whole industry will have to “descend” in the lower layer of the network, auditing and monitoring not only CDRs and Billing Systems with FMS (Fraud Management Systems) but also caring about the low level SS7 and SIGTRAN signalling.

These times are now, as we’ve seen major outage that, so far, could not be traced down to a single reason or culprit. And thus nobody in these organization neither had the vision before hand on their network “pain points” nor could they, after the facts discover the technological origin of the problem, restarting was their only preoccupation.

Such business practice will gradually disappear and be replaced by proactive detection of vulnerabilities and reactive management of attacks through detection. SS7 and SIGTRAN vulnerability scanning is part of that new approach, and P1 Security is the key player in that domain with P1 Telecom Auditor, enabling both security and telecom experts AND managers, directors, executives to visualize and understand the security problems and solutions.

PTA Consultant Kit aims exactly at this. Telecom Companies and Mobile Network Operators can now get service from known vendors with long standing relationship.

Read more…

This GSMA event is the most important for the telecom industry, come and meet us to discuss our products in the telecom security assessment, audit and risk rating.

Stay connected, register on our mailing list or contact us.

In this workshop, we propose to make people practice SS7 message creation, injection and network topology understanding. We will see what kind of vulnerabilities affect SS7 and Telecom signaling networks, how networks are structured and what can be an attack plan on the network. Amongst other things, we will address the case of current attacks performed by a) malicious people with fraud and extortion goals, b) crackers who want to take control of some equipments, c) nation states who want to take control of telecom critical infrastructure for strategic advantages or d) intelligence services who may be interested in silently taking advantage of not well known SS7 structure in order to gain valuable intelligence or perform tactical operations.

This workshop mixes limited theory and practice, using open source tools as well as closed source systems.

Attendees to this workshop must ideally come with their own laptop (Windows or Linux), a good understanding of Networking and TCP/IP. All telecom-specific terms will be explained during the workshop. Max 15 people.

Megapay, as a part of the Mega Media group of companies, specializes in providing secure and trusted Mobile Payments solutions in the e-commerce and m-commerce space. Launched in March 2010, Megapay is quickly establishing itself as a preferred Mobile Payments solutions partner for mobile network operators and merchants across the globe.

P1 Security was founded by experts in enterprise software and network security services, is dedicated in providing high quality IT security products and services through placing its value in the maturity of security planning and implementation.

The aforementioned partnership will see P1 Security becoming Megapay’s network security partner to ensure the secure operations of Megapay’s payment platforms.

Both Megapay and P1 Security are positioned to break new technical ground in creating, testing and securing the complex processes that will enable a secure mobile payment ecosystem.

Emmanuel Gadaix, Megapay’s Technical Director made the following comments about the partnership: “The security of the underlying telecom infrastructure cannot be taken for granted, particularly when it carries financial data. Mobile Payment systems must ensure strict compliance with security standards and make sure they operate in a secure environment. With this partnership, Megapay and P1 Security will be able to address the security concerns of mobile operators and payment systems providers alike.“

For more information on Megapay please visit: http://www.megapay.com.

For more information on P1 Security please visit: http://www.p1sec.com.

Megapay Corporate Press Release.
Hong Kong, China – August 11th, 2010.