contact@p1sec.com

New open-source MCC_MNC library

P1 Security is working with mobile operators worldwide, and therefore requires a good knowledge of identifiers used in mobile networks. The P1 Lab has worked carefully to identify all public information related to this topic, and is publishing a new

Read More…

5G SUPI, SUCI and ECIES

The 3GPP has defined a nice subscriber’s identity protection scheme for 5G networks. This is a way for 5G handsets and terminals (or UE, in the 3GPP terminology) to encrypt the subscriber’s identity before sending it over-the-air. In this way, 5G radio sniffers, 5G...

Read More…

P1 Security releases its open-source Python decoder for the 5G NAS protocols

With the introduction of 5G networks, a complete rework of the cellular core network is ongoing, in addition to the introduction of the New Radio stack (abbreviated NR). New network functions are defined, such as AMF for handling the mobility of subscribers, SMF for...

Read More…

Working with TCAP-MAP the efficient way with pycrate

Abstract

In this post, we explain how the TCAP-MAP protocol has been defined and extended in its successive versions, which led to some backward incompatibilities in the message decoding process. This is where pycrate...

Read More…

Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones

Lately, I have been playing with a 3G dongle – a small USB device enabling to connect to the mobile Internet. I have discovered that most USB dongles with a Qualcomm processor exposed a special diagnostic protocol, called Diag (or DM, or QCDM – for Qualcomm Diagnostic...
Read More…

SS7 Security Perimeters and INAT0 NAT0 NAT1 definitions

While P1 Security professional services team are busy deploying Core Network security monitoring with PTM Signaling IDS on SS7, Diameter, GTP, SIP IMS VoLTE, and Radius, one question keeps coming back: the concept of Network Perimeter in SS7. This recurring misunderstood aspect...
Read More…

SS7 Security Perimeters and INAT0 NAT0 NAT1 definitions

While P1 Security professional services team are busy deploying Core Network security monitoring with PTM Signaling IDS on SS7, Diameter, GTP, SIP IMS VoLTE, and Radius, one question keeps coming back: the concept of Network Perimeter in SS7. This recurring misunderstood aspect...
Read More…

LTE Diameter security, filtering and message categories

Abstract: In order to properly manage LTE Diameter security, and it close variants in the IMS and VoLTE domain, we proposed in this presentation a way to categorize the Diameter message types, usage and Command Codes and ways to monitor and filter them. Presentation will be...
Read More…

LTE Diameter security, filtering and message categories

Abstract: In order to properly manage LTE Diameter security, and it close variants in the IMS and VoLTE domain, we proposed in this presentation a way to categorize the Diameter message types, usage and Command Codes and ways to monitor and filter them. Presentation will be...
Read More…

P1 Security Vulnerability Knowledge Base reaches vulnerability #1000 (P1VKB#1000)

The number of referenced vulnerabilities in our unique telecom-specific Vulnerability Knowledge Base has just reached #1000. This is a very Important Milestone in P1 Security’s research in critical networks security. P1 Security’s VKB is a rare case of a private...
Read More…

SS7map: SS7 country risk ratings

Mobile Network Operators rely on a network different from Internet that interconnects operators and other parties, to allow calls to work between operators especially when you are in another country (roaming). This is what is called the “SS7 network” a.k.a....
Read More…

SS7map: SS7 country risk ratings

Mobile Network Operators rely on a network different from Internet that interconnects operators and other parties, to allow calls to work between operators especially when you are in another country (roaming). This is what is called the “SS7 network” a.k.a....
Read More…

[31C3] SS7map : mapping vulnerability of the international mobile roaming infrastructure at #31C3

Laurent Ghigonis and Alexandre De Oliveira from P1 Security team will be presenting the work done on the global SS7 network at Chaos Computer Conference in Hambourg the 27th Dec 2014. The conference “SS7map : mapping vulnerability of the international mobile roaming...
Read More…

[31C3] SS7map : mapping vulnerability of the international mobile roaming infrastructure at #31C3

Laurent Ghigonis and Alexandre De Oliveira from P1 Security team will be presenting the work done on the global SS7 network at Chaos Computer Conference in Hambourg the 27th Dec 2014. The conference “SS7map : mapping vulnerability of the international mobile roaming...
Read More…

SS7map risk rating calculation

Details about SS7map risk rating calculation are coming soon after our presentation at 31C3 ! You can subscribe here to be notified: http://eepurl.com/baeFU5...
Read More…