From SMS spam to full-fledged fraud, Telecom is used to deal with Fraud and attacks, and to respond to these issues using Fraud Management Systems (FMS, antispam for SMSC and many other methods. Now, the landscape has changed. Attackers are becoming increasingly aggressive to the point where FMS and traditional anti-fraud systems are not efficient anymore and now use techniques that, if successful, could bring the telecom or mobile network operator to its knees. We’ve seen nationwide DoS and outages with targeted attacks on HLR or MSCs, crashed MGW, SS7 DoS at the SCCP, TCAP and MAP level, several down days of SMS service, crashed Network Elements due to faulty SIGTRAN stacks and even full dumps of SIM cards complete with IMSI and Ki available for sale in the underground forums.

These attacks are now everywhere, regardless of the technology, whether it Is legacy SS7, IMS or NGN network all the way to full IP with BICC, VoIP SIP with its many variants and RTP; up Femtocell access protocols and LTE S1AP, X2AP and Diameter. Everything boils down to facing attacks that you must prevent proactively, because if you’re vulnerable and they strike, you’re already as good as dead: service downtime, stolen data, improper access and increasingly disturbing creativity from attackers. The threat environment shows that the monetization of telecom-related vulnerabilities is mature and much more evolved than traditional stolen-VoIP resellers. We’ll see how we can make sure to address these problems before they occur and how to build an ecosystem that can provide an adapted response to these new and ever changing threats and attacks.

Heidelberg, Germany, 20th March, 2012 – Philippe Langlois of P1 Security will deliver a talk titled “Assault on the GRX (GPRS Roaming eXchange) from the Telecom Core Network perspective, from 2.5G to LTE Advanced” at Troopers 2012, an IT security event focused on high end security education. Phil will speak on Telco Security Day, an exclusive, closed event that gathers researchers and practitioners from the Telco and mobile security fields.

“We’ll see how this infrastructure is protected and can be attacked, and we’ll discover the issues with the specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see its implication with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several typical vulnerabilities that we will be showed in this speech.” – Philippe Langlois

ZeroNights 2011

Saint Petersburg, Russia, 25th November 2011 – Philippe Langlois of P1 Security will be presenting about 3G and LTE insecurityat DefCon Russia’s ZeroNights, a conference devoted to technical aspects of informational security featuring talks from world-famous experts coming from Russia, the USA, India, Singapore and France.

“The HLR is not only using TCP/IP for OAM and business workflow but also now being named an HSS, it uses IP-only protocols such as Diameter for its Core Network signaling operations. This means that telecom are now facing new security risks both in term of exposure of and threats to its Core Network being exposed to unsophisticated IP-centered attackers and the continuous waves of telecom-centered defrauders. In this presentation, we’ll demo the new technologies of 3G and LTE networks and how to attack and defend them. We’ll also show what kind of exposure telecom companies, Mobile Network Operators and SS7 providers show to external attackers.” – Philippe Langlois.

In this presentation, we’ll see how GRX/GPRS infrastructure is protected and how it can be attacked. We’ll discover the issues with specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see the implications of this with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several vulnerabilities that we will be showing in this speech.

We will demo some of the attacks on a simulated “PS Domain” network, that is the IP part of the Telecom Core Network that transports customers’ traffic, and investigate its relationships with legacy SS7, SIGTRAN IP backbones, M2M private corporate VPNs and telecom billing systems. We will also seem how automation enable us to succeed at attacks which are hard to perform and will show how a “sentinel” attack was able to compromise a telecom Core Network during one penetration test.

PARIS, 5th October, 2011 – P1 Security, the pioneering telecom security company offering unique security scanning and monitoring solutions and Picviz Labs, the leader in visual investigation for large data, today announced their technology partnership to make available Picviz’s real-time visualization and analytics capabilities as part of P1 Security’s unique telecom network security audit, vulnerability and monitoring solutions, P1 Telecom Auditor and P1 Telecom Monitor.

The collaboration between P1 Security and Picviz Labs combines leading research and development in telecom networks and data visualization.  P1 Security’s innovative technologies enable rapid detection of security vulnerabilities and problems across an entire telecom network.  Picviz’s multi-dimensional visualization technology allows customers of P1 Security to analyze their vast dataset in real-time so that fraud entry points, security events and risks can be identified faster and more accurately than ever before.

“Being able to offer the capabilities of Picviz technologies to our customers ensures that we continue to provide the most innovative and advanced solutions to our telecom customers. This helps mature the telecom security domain, which up till now was reasonably isolated and only suffering from incidents of fraud. With new attacks and attackers, new ways to prepare and react to them are needed”, said Philippe Langlois, CEO, P1 Security.

“We are delighted to work with P1 Security to expand the practice of telecom security with our technologies, our research is highly complementary, we see a natural synergy between P1 Security’s expertise in large-scale telecom networks and our expertise in dynamically visualizing events and fraudulent behaviors in this domain. We’ve shown through this partnership that we are able to detect security events and problems much faster than the industry standard, and at such scale compared to traditional technologies of
the IP world which had been considered unfeasible for real-time analysis”, said Sebastien Tricaud, CTO, Picviz Labs.

With P1 Security and Picviz Labs technologies, telecom providers can now deploy high performance security solutions across their networks. Telecom operations, fraud and security staff will gain the capability to manage security risk on a massive scale; helping them avoid incident, network downtime and fraud related costs without any impact to service quality and availability.

About P1 Security

P1 Security is a pioneer of security vulnerability and intrusion detection technologies for telecom networks. P1 Telecom Audit and Monitor are the only solutions available today for the  auditing and monitoring of large scale telecom networks for vulnerabilities and security events. P1 Security was founded in 2009 by Philippe Langlois, former founder of Qualys, INTRINsec, Worldnet and the Telecom Security Task Force (TSTF) research forum. P1 Security’s team includes former executives of Telecom Italia and Neuf Telecom as well as renowned security researchers who present unique P1 Security research at leading international security conferences. P1 Security has also presented numerous times to the Security Group of the GSMA.

http://www.p1sec.com

About Picviz Labs

Founded in 2010, Picviz Labs develops intuitive visualization technologies based on advanced mathematical algorithms and computations, enabling enterprises to simultaneously analyze and investigate massive dataset in real-time. Picviz Labs was founded by Philippe Saadé, graduate mathematician of ENS (Ecole Normale Supérieure) and Sébastien Tricaud, a renowned information security researcher and CTO of the Honeynet Project. Picviz Labs is a Créalys incubation project and winner of France’s OSEO 2010 and 2011 startup contests. Picviz Labs customers include large banks and governmental agencies.

http://www.piciviz.com

P1 Security media contact:
Ed Daniel – ed.daniel@p1sec.com

Picviz Labs media contact:
Thibault Lallement – tlallement@picviz.com

Happy easter!

P1 Security will be one of the speaker on the 28th of April 2011 for the round table on Digital Self Defence. Focusing on the notion of retaliation, what is allowed by law? What are the current practices? Can we have a glimpse on the future?

Philippe Langlois will present there how Telecom industry and large corporation on the Internet defend actively their perimeters and respond to offenses. This event will take place at the European Circle for Security of Information Systems, Pavillon Cambon-Capucines, 46 rue Cambon 75001 Paris.

For more information:

http://www.lecercle.biz/Portals/3/secured/agendaevent.aspx?f_id_event=36

Also, Philippe will give with its partner @Mediaservice’s top security expert Raoul Chiesa a private briefing on Telecom security and frauds, with specific insights on how current security teams combat upcoming fraud and Telecom Advanced Persistent Threats. Register by contacting us with you organization and contact details.

Telecom is exactly in that focus. It’s great when it works, and is supposed to work all the time with careful planning, deployment and testing. But telecom networks are suffering the same path as internet did: from normal operations to hostile conditions where spammers, unidentified attackers potentially backed by countries and fraudsters compete at abusing part of the network.

The resulting network instability, frauds, loss of image, loss of revenue or country-wide network downtime starts now to be seen, without the proper technology to proactively test your network against these risks, monitor the network at low level or conduct forensics. Thus the whole industry will have to “descend” in the lower layer of the network, auditing and monitoring not only CDRs and Billing Systems with FMS (Fraud Management Systems) but also caring about the low level SS7 and SIGTRAN signalling.

These times are now, as we’ve seen major outage that, so far, could not be traced down to a single reason or culprit. And thus nobody in these organization neither had the vision before hand on their network “pain points” nor could they, after the facts discover the technological origin of the problem, restarting was their only preoccupation.

Such business practice will gradually disappear and be replaced by proactive detection of vulnerabilities and reactive management of attacks through detection. SS7 and SIGTRAN vulnerability scanning is part of that new approach, and P1 Security is the key player in that domain with P1 Telecom Auditor, enabling both security and telecom experts AND managers, directors, executives to visualize and understand the security problems and solutions.