P1 Security now offers PTA Consultant Kit

See how consultants can now use PTA to conduct new security missions regarding SS7 and SIGTRAN networks in their usual customer base.

PTA Consultant Kit aims exactly at this. Telecom companies and mobile network operators can now get service from known vendors with whom they have long-standing relationships.

Categories: PTA

P1 Security at Mobile World Congress 2011 in Barcelona, Spain

P1 Security will be present at Mobile World Congress 2011 in Barcelona, Spain from 16th to 17th of February at Megapay’s booth No. 2.1D68, Hall 2-1. We will make an announcement there about the great news that is happening for us.

This GSMA event is the most important one for the telecom industry. Come and meet us to discuss our products for telecom security assessment, audit and risk rating.

Stay connected, register on our mailing list or contact us.

Categories: Conferences, News

SS7 Workshop at hack.lu : SS7 and Telecom Core Network Weaknesses, Attacks and Defenses

Philippe Langlois will present a workshop at Hack.LU 2010 conference in Luxembourg on SS7 Security called “SS7 and Telecom Core Network Weaknesses, Attacks and Defenses” on Wednesday 27.10.2010.

In this workshop, attendees will practice SS7 message creation and injection and learn to understand network topology. We will see what kinds of vulnerabilities affect SS7 and telecom signaling networks, how networks are structured and what an attack plan on the network can look like. Amongst other things, we will address the case of current attacks performed by a) malicious people with fraud and extortion goals, b) crackers who want to take control of some equipment, c) nation states who want to take control of telecom critical infrastructure for strategic advantages or d) intelligence services who may be interested in silently taking advantage of the little-known SS7 structure in order to gain valuable intelligence or perform tactical operations.

This workshop mixes limited theory and practice, using open source tools as well as closed source systems.

Attendees of this workshop should ideally come with their own laptop (Windows or Linux) and a good understanding of networking and TCP/IP. All telecom-specific terms will be explained during the workshop. Max 15 people.

Categories: Conferences, News

Megapay and P1 Security partner to ensure privacy and security

With the growing popularity in Mobile Commerce around the world, the security of the Mobile Payments infrastructures remains a major concern to the industry, carriers, merchants and consumers alike. It is in this light that Megapay is proud to announce a strategic partnership agreement with P1 Security, one of Europe’s leading Telecommunications Security companies.

Megapay, as a part of the Mega Media group of companies, specializes in providing secure and trusted Mobile Payments solutions in the e-commerce and m-commerce space. Launched in March 2010, Megapay is quickly establishing itself as a preferred Mobile Payments solutions partner for mobile network operators and merchants across the globe.

P1 Security, founded by experts in enterprise software and network security services, is dedicated to providing high quality IT security products and services through placing its value in the maturity of security planning and implementation.

The aforementioned partnership will see P1 Security becoming Megapay’s network security partner to ensure the secure operations of Megapay’s payment platforms.

Both Megapay and P1 Security are positioned to break new technical ground in creating, testing and securing the complex processes that will enable a secure mobile payment ecosystem.

Emmanuel Gadaix, Megapay’s Technical Director, made the following comments about the partnership: “The security of the underlying telecom infrastructure cannot be taken for granted, particularly when it carries financial data. Mobile Payment systems must ensure strict compliance with security standards and make sure they operate in a secure environment. With this partnership, Megapay and P1 Security will be able to address the security concerns of mobile operators and payment systems providers alike.”

For more information on Megapay please visit: http://www.megapay.com.

For more information on P1 Security please visit: http://www.p1sec.com.

Megapay Corporate Press Release.
Hong Kong, China – August 11th, 2010.

Categories: News

New SS7 network mapping visualization technology for PTA

P1 Security Telecom Auditor (PTA) just got a new network mapping visualization technology. This enables better visualization of network topologies according to either the 3-8-3 address formatting or the 5-4-5 formatting. You get instant understanding of the network planning and topology, directly from the generated network maps during the audit.

The main problem with SS7 networks is that many different vendors provided the equipment, systems and network elements that constitute the network, and many consultants deployed these with their own way of configuring systems. As a result, nobody has a clear view of the resulting SS7 network. PTA helps keep a clear view of what is going on in the SS7 network.

This technology is available in PTA for all current users and for commercial licensing as OEM provider for software vendors. Contact us for more information.

Categories: News, PTA, Research, Tools

Announcement: P1 Telecom Security talk on SS7 at HES2010

Philippe Langlois will be talking at HES2010 about “Getting in the SS7 kingdom: hard technology and disturbingly easy hacks to get entry points in the walled garden” from 5pm to 6pm at MdO conference center in Paris. This talk will cover entry point discovery on real-world telecom signaling networks and the subsequent exploitation using SS7 and SIGTRAN attacks to inject signaling into the Core Network of an operator. The talk will explain how critical and difficult it is to obtain good perimeter monitoring on the SS7 and Signaling external side as well as on the internal signaling Core Network, be it Packet or Switched-oriented.

Categories: Conferences

Announcement: SOURCE Boston 2010 Conference, Boston, MA, USA

Event: SOURCE Boston 2010
Location: Boston, MA, USA
Date: April 21-23, 2010

Categories: Conferences

26C3 conference, Berlin: “Attacking the SS7 & SIGTRAN applications”

Event: 26C3
Location: Berlin
Date: December 2009

On 28th of December 2009, Philippe Langlois delivered the presentation “SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system” at the Chaos Communication Congress in Berlin, Germany. This conference, 26C3, was one of the major conferences about breakthroughs in offensive and defensive computing.

Back to the good old Blue Box?

SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) was connected to it. Now it’s getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowadays more and more accessible, and as such increasingly vulnerable. So we’re getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form.

Attacking the SS7 network is fun, but there’s a world beyond pure SS7: the phone system applications themselves, and most notably what transforms phone numbers into telecom addresses (also known as Point Codes, DPCs and OPCs; Subsystem Numbers, SSNs and various other fun), and that’s called Global Title Translation. Few people actually realize that the numbers they are punching on their phone are the same digits that are used for this critical translation function, which translates them into the mythical DPCs, SSNs and IMSIs. More and more data is now going through the phone network, creating more entry points for regular attacks to happen: injections, overflow, DoS by overloading capacities. And we have an ally: the mobile part is opening up, thanks to involuntary support from Motorola, Apple and Android. We’ll study all the entry points and the recent progress in Telecom security attacks.

Categories: Conferences

H2HC conference, Sao Paulo, Brazil: “Attacking SS7 applications”

One step further toward the HLR: Attacking SS7 applications
Event: H2HC
Location: Sao Paulo, Brazil
Date: December 2009

http://www.h2hc.org.br/en/
http://www.h2hc.com.br/palestrantes.php#Speaker18

Philippe Langlois also participated in “Hackers to CSO”, a meeting that brought together hackers, security professionals and CSO, IT decision makers, journalists in order to conduct an assessment of the maturity and current stakes of security in the enterprise in South America and globally.

He also joined the CyberWar panel where he exposed the implications of “Cyber War” in Telecom security. What is the impact of one country, one mafia group, one nationalistic cracker group directing their effort against a Telecom infrastructure? How to defend against malicious SS7 maneuvers coming from a foreign country or foreign company?

Categories: Conferences

Vital tool for SS7 security audit: ss7calc

How many times did you use ipcalc in a pentest? Now you have the same thing for SS7 networking: ss7calc. Check our Tools page for our fresh project just released on Github.

This utility was created because of the high number of SS7 point code conversions we had to do during the last SS7 Core Network audit. Online converters are nice but definitely lack scripting-friendliness. Now we share it with the community.
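The kind of conversion described above, as an added example that is not ss7calc's code or interface: it assumes ITU-T 14-bit point codes and the 3-8-3 and 5-4-5 layouts mentioned on this page, and the function names are hypothetical.

```python
# Added example, not taken from ss7calc: converts ITU-T 14-bit signalling
# point codes between decimal, 3-8-3 and 5-4-5 notation.
ITU_BITS = 14
# Field widths in bits, most significant field first (both sum to 14).
FORMATS = {"3-8-3": (3, 8, 3), "5-4-5": (5, 4, 5)}


def format_pc(value, fmt):
    """Render a decimal point code in the given dashed notation."""
    widths = FORMATS[fmt]
    if not 0 <= value < (1 << ITU_BITS):
        raise ValueError(f"point code {value} does not fit in {ITU_BITS} bits")
    fields, shift = [], ITU_BITS
    for width in widths:
        shift -= width
        fields.append((value >> shift) & ((1 << width) - 1))
    return "-".join(str(f) for f in fields)


def parse_pc(text, fmt):
    """Parse a dashed point code and return its decimal value."""
    widths = FORMATS[fmt]
    parts = text.strip().split("-")
    if len(parts) != len(widths):
        raise ValueError(f"{text!r} is not in {fmt} notation")
    value = 0
    for part, width in zip(parts, widths):
        field = int(part)  # raises ValueError on non-numeric input
        if not 0 <= field < (1 << width):
            raise ValueError(f"field {field} exceeds {width} bits in {text!r}")
        value = (value << width) | field
    return value


def convert_pc(text, src, dst):
    """Convert between two dashed notations via the decimal value."""
    return format_pc(parse_pc(text, src), dst)


if __name__ == "__main__":
    # Constructed sample point codes, not taken from any real network.
    for pc in ("2-168-3", "7-255-7", "0-1-0"):
        dec = parse_pc(pc, "3-8-3")
        print(f"{pc:>9} (3-8-3) = {dec:>5} = {format_pc(dec, '5-4-5')} (5-4-5)")
```

Out-of-range fields raise `ValueError`, so a script fed a point code in the wrong notation fails loudly when a field does not fit its width.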

Categories: Research, Tools

Hack.lu conference, Luxembourg: “HostileWRT”

HostileWRT: Fully-Automated Wireless Security Audit Platform on Embedded Hardware
Philippe Langlois & Eugene Parkinson
Event: Hack.lu
Location: Luxembourg
Date: 2009-10-29

HostileWRT has been presented during Hack.lu in Luxembourg. Eugene Parkinson and Philippe Langlois presented on Thursday 29.10.2009 their new development on their “Fully-Automated Wireless Security Audit Platform on Embedded Hardware” and released HostileWRT version 0.5.0 during the conference.

Categories: Conferences

Welcome to P1 Security

The security environment is changing. With top telecom infrastructure completely compromised, carrier company data exposed on public security mailing lists, internal signaling core network backdoors and data leaks from security officers’ laptops, we’re witnessing an environment more hostile by an order of magnitude compared to ten years ago. This situation needs important proactive actions, pragmatic contingency plans and an expanded reactive capacity.

P1 Security is dedicated to providing top security products and services in competitive and sensitive areas. Founded by experts in Security and Enterprise software and services, P1 Security places its value in maturity of security planning and implementation, while preserving the clients’ business.

P1 Security was founded by Philippe Langlois, founder of Qualys (world leader of vulnerability assessment service), INTRINsec (European consulting company, first to launch penetration testing in France and one of the earliest Payment Gateway security technology provider), Telecom Security Task Force (Research think tank and consulting network in Telecom sector), WaveSecurity (Wireless networks security technology manufacturer).

Please contact us if you wish to enquire about our products and services.

P1 Security Team.

Categories: Home