The main problem with SS7 networks is that many different vendor provided the equipments, systems and network elements that constitute the network; many consultants deployed these with their own way of configuring systems and as a result, nobody has a clear view of the resulting SS7 network. PTA helps keeping a clear view on what is going on in the SS7 network.

This technology is available in PTA for all current users and for commercial licensing as OEM provider for software vendors. Contact us for more information.

read more | agenda

On 28th of December 2009, Philippe Langlois delivered “SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system” presentation for Chaos Communication Congress, in Berlin, Germany. This conference, 26C3 was one of the major conference about breakthrough in offensive and defensive computing.

Back to the good old Blue Box?

SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) were connected to it. Now it’s getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowaday more and more accessible, and as such increasingly vulnerable. So we’re getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form.

Attacking the SS7 network is fun, but there’s a world beyond pure SS7: the phone system applications themselves, and most notably what transforms phone numbers into telecom addresses (also known as Point Codes, DPCs and OPCs; Subsystem Numbers, SSNs and other various fun.), and that’s called Global Title Translation. Few people actually realize that the numbers they are punching on their phone are actually the same digits that are used for this critical translation function, and translate these into the mythical DPCs, SSNs and IMSIs. More and more data is now going through the phone network, creating more entry point for regular attacks to happen: injections, overflow, DoS by overloading capacities. And we have an ally: the mobile part is opening up, thanks to involuntary support from Motorola, Apple and Android. We’ll study all the entry points and the recent progresses in the Telecom security attacks.

download pdf

download video: mp4 – torrent – wmv

http://www.h2hc.org.br/en/
http://www.h2hc.com.br/palestrantes.php#Speaker18

download pdf

Philippe Langlois also participated in “Hackers to CSO”, a meeting that brought together hackers, security professionals and CSO, IT decision makers, journalists in order to conduct an assessment of the maturity and current stakes of security in the enterprise in South America and globally.

He also joined the CyberWar panel where he exposed the implication of “Cyber War” in Telecom security. What are the impact of one country, one mafia group, one nationalistic cracker group directing their effort against a Telecom infrastructure? How to defend against malicious SS7 maneuvers coming from a foreign country or foreign company?

This utility was created due to the high number of SS7 point codes conversions we had to do during the last SS7 Core Network audit. Online converters are nice but definitely lack scripting-friendliness. Now we share it with the community.

HostileWRT has beend presented during Hack.lu in Luxembourg. Eugene Parkinson and Philippe Langlois presented on Thursday 29.10.2009 their new development on their “Fully-Automated Wireless Security Audit Platform on Embedded Hardware” and released HostileWRT version 0.5.0 during the conference.

hack.lu info page

hack.lu agenda

download pdf

P1 Security is dedicated to providing top security products and services in competitive and sensitive areas. Founded by experts in Security and Enterprise software and services, P1 Security places its value in maturity of security planning and implementation, while preserving the clients business.

P1 Security was founded by Philippe Langlois, founder of Qualys (world leader of vulnerability assessment service), INTRINsec (European consulting company, first to launch penetration testing in France and one of the earliest Payment Gateway security technology provider), Telecom Security Task Force (Research think tank and consulting network in Telecom sector), WaveSecurity (Wireless networks security technology manufacturer).

Please contact us if you wish to enquire about our products and services.

P1 Security Team.