Telco security

Leveraging an extensive expertise in mobile network hacking, the SRLabs’ team supports mobile networks worldwide in measuring hacking risks, selecting appropriate mitigations to close the identified gaps, and finally, establishing effective security processes.

“We help telcos to build and secure the next generation mobile infrastructures.”

Identify structural gaps
We validate that all claimed protection measures are effective in practice, only after reviewing the architectural documentation.
The hacker view
We analyze all possible entry points and focusses on what really matters for hackers. Sometimes the most trivial paths are the most successful to compromise a network.
Select the right mitigation
We recommend meaningful risk mitigation measures and set the right priorities for each identified risk, along with leveraging existing technology and assessing what else needs to be acquired.

Our Approach

We provide a holistic view on all vulnerabilities, covering first all network entry points and going in detail into each internal network interface. We look for unnecessary exposure, configuration hardening issues, missing patches, ineffective monitoring and other security processes
Telco network
1
Team ramp-up
2
Interconnect pentest
3
SIM & SMS security
tests
4
RAN security check
5
IMS/RCS/VoLTE
security tests
6
Telco platform
element pentest
Objective
We detect exposure of telco systems on two perimeters: Internet (IP) and Subscriber (IP over LTE)
Objective is SS7 and Diameter pentest covering vectors of remote fraud, tracking, or intercept
We detect exposure of telco systems on three perimeters:  SIM config, SMS and binary SMS
We collect the configuration parameters of RAN technologies over the air and compare them to GSMA/3GPP best practices
We test voice and messaging infrastructures for common configuration mistakes and adherence to security best practices.
We find exploitable vulnerabilities and best practice deviations in EPC, IMS, RAN, or legacy core (HLR, SMS-C, MSC, RNC).
Deliverables
Network segregation gap analysis and architecture gaps
Interconnect firewall gaps; Remote telco attacks landscape
SIM config gap analysis and SMS attack exposure overview.
Protection report for over-the-air intercept, impersonation/fraud, and IMSI catcher attack
Best practice violations report per infrastructure. Risk overview over all voice and messaging infrastructures
Gap analysis per telco node, End-to-end attack testing, Threat landscape of local telco attacks

Why it matters

We proudly helped mobile operators in many countries and secured the deployment of cutting-edge mobile technologies. It is crucial to have full understanding of the threat landscape, available technologies, business demands and potential impact of attacks. SRLabs weights the risks and makes clear recommendations on whether they need to be mitigated or can safely be accepted.

Our research

SRLabs has been driving telco security evaluation for over a decade. Through our research into innovations like SS7 security, GSM interceot, A5/1 hack, and we have made an impact across the telco ecosystem.

Explore more

aLL articles
Extended Android security check: SnoopSnitch tests for Java vulnerabilities
Extended Android security check: SnoopSnitch tests for Java vulnerabilities
No items found.
12/5/2022
Hacking mobile networks has gotten a lot more interesting with 5G and Open RAN
Hacking mobile networks has gotten a lot more interesting with 5G and Open RAN
No items found.
8/8/2022
Your Blockchain is only as secure as the application on top of it
Your Blockchain is only as secure as the application on top of it
blockchain
25/1/2022
Registration. HRB 128449
District court. Berlin-Charlottenburg
EU-VAT. DE 815 218 931
Managing director: Karsten Nohl
Security Research Labs GmbH
Brunnenstrasse 181, 10119 Berlin
Consulting
Blockchain auditingDevice testingRed teamingSecurity maturity reviewSecurity team incubationTelco securityVulnerability prioritization
Company
ResearchAboutCareers
Social media
LinkedInTwitter
Consulting
projects@srlabs.com
© Security Research Labs GmbH
Privacy policy