A PTA SS7/SIGTRAN High Level CS Core Network Vulnerability Assessment security project concerns an active High Level SS7/SIGTRAN signaling scanning of an Operator’s CS Core Network from International Roaming perspective (INAT0).

This vulnerability assessment uses the proprietary P1 Security telecom scanner (PTA) to automate the auditing & penetration testing processes. This allows for the effective combination of a proprietary software (PTA) and the associated expertise for analysing results and drafting and delivering the final report. Moreover, the use of PTA makes it possible to minimise the number of days devoted to the project while going deeper into the analysis of the concerned perimeters.

INAT0 (International Roaming) security will be remotely evaluated.

Through use of PTA, P1 Security Proprietary Telecom-specific scanner, this Vulnerability Assessment will give an overview of the security level and security mechanisms corresponding to FS.11 GSMA Category 1, 2 & 3 SS7 signaling MAP messages.

These tests provide information about potential: Confidentiality breach, Subscriber Location leak, IMSI leak, Financial Impact, GT leak, authentication vectors’ leak, User Equipment DoS, leak of supplementary services, first steps leading to more advanced attacks.


“Toward the HLR, attacking the SS7 & SIGTRAN applications” (Philippe Langlois, 2009)

“Hacking Telco equipment: The HLR/HSS” (Laurent Ghigonis, Hackito Ergo Sum, 2014)

“SS7map: mapping vulnerability of the international mobile roaming infrastructure” (Laurent Ghigonis & Alexandre de Oliveira, CCC, 2014)

“SigFW Open Source SS7/Diameter firewall for Antisniff, Antispoof & Threat Hunt” (Philippe Langlois & Martin Kacer, Black Hat, 2017)