
The PTA SS7/SIGTRAN Extended CS Core Network Vulnerability Assessment is a security project that performs active, extended SS7/SIGTRAN signaling scanning of an operator’s CS Core Network from the International Roaming perspective (INAT0).

INAT0 (International Roaming) security will be evaluated.

Using PTA, P1 Security’s proprietary telecom-specific scanner, this Vulnerability Assessment will cover GSMA FS.11 Category 1, 2 and 3 SS7 signaling MAP messages, as well as SMS messages:

  • Category 1 messages: Messages that should only be received from within the same network.
  • Category 2 messages: Messages that should only be received from the subscriber’s home network.
  • Category 3 messages: Messages that should only be received from the subscriber’s visited network.

P1 Security will test every GSMA FASG FS.11 category, in compliance with FS.11.

In addition, P1 Security will test attacks known only to P1 Security, some of which are referenced in P1 Security’s proprietary Vulnerability Knowledge Base (VKB) and are not referenced in GSMA documents.

The tests provide information about potential:

Network discovery, Spoofing, Routing abuse, GT abuse, Network Element DoS, Subscriber DoS, Subscriber information leak, Subscriber location leak, SMS interception, Voice interception, SMS spam, SMS spoofing, SMS FW bypass, USSD credit transfer/recharge, Fraud…

(many of these attacks are not even featured in FS.11 “SS7 Interconnect Security Monitoring Guidelines”)

Vulnerabilities can potentially be discovered on the following network elements:

HLR, STP, MSC, VLR, LCS, AuC, EIR, SMSC, SGSN, SMS Firewall, USSD Gateway, GMSC.
