A PTA IMS VoLTE Access Vulnerability Assessment security project concerns an active IMS signaling scanning of an Operator’s IMS VoLTE Access.

This vulnerability assessment uses the proprietary P1 Security telecom scanner (PTA) to automate the auditing & penetration testing processes. This allows for the effective combination of a proprietary software (PTA) and the associated expertise for analysing results and drafting and delivering the final report. Moreover, the use of PTA makes it possible to minimise the number of days devoted to the project while going deeper into the analysis of the concerned perimeters.

Access segment from VoLTE User Equipment perspective will be assessed, depending on allocated man-days and customer’s team availability.

P1 Security recommends doing the VoLTE Vulnerability Assessment on a production network, because testbed security mechanisms may differ from the production network.

This Vulnerability Assessment will cover FS.22 “VoLTE Security Analysis and Recommendations” GSMA FASG document cases for VoLTE.

Through use of PTA, P1 Security Proprietary Telecom-specific scanner, this Vulnerability Assessment will cover the following protocols from User Equipment VoLTE perspective:


These tests provide information about potential:

Network discovery, Network Element’s configuration Leak, Leak of callee personal information, Subscriber location leak, LI bypass, Fraud, Subscriber DoS, Network Element misconfiguration, Leak of customers database…

By performing attacks from IMS VoLTE Access segment, vulnerabilities can potentially and indirectly be discovered on the following network elements:

CSCF equipment (P-CSCF, S-CSCF, I-CSCF), MGW


“Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone” (Patrick Ventuzelo, Olivier Le Moal & Thomas Coudray, SSTIC, 2017)