Skip to main content

Telco Security

Harden your network across interconnect, RAN, and core

Leveraging an extensive expertise in mobile network hacking, SRLabs supports mobile networks worldwide in measuring hacking risks, selecting appropriate mitigations, and establishing effective security processes.

Abstract image
Offensive Security
Shut down fraud, tracking, and intercept paths
  • Exposure scans
  • Interconnect pentesting
  • RAN security checks
Illustration related to mobile and telecom security

Identify structural gaps

We validate that all claimed protection measures are effective in practice, usually after reviewing architectural documentation.

The hacker view

We analyze all possible entry points and focus on what really matters for hackers. Sometimes the most trivial paths are the most successful to compromise a network.

Mitigate effectively

We recommend meaningful risk mitigation measures and set the right priorities for each identified risk, leveraging existing technology and assessing what else needs to be acquired.

Our approach

We provide a holistic view on all vulnerabilities, first covering all network entry points and then going further into each internal network interface. We look for unnecessary exposure, configuration hardening issues, missing patches, and ineffective monitoring.

Exposure scan

Objective

We detect exposure of telco systems on two perimeters: Internet (IP) and Subscriber (IP over LTE).

Deliverables

Network segregation gap analysis and architecture gaps.

Interconnect pentest

Objective

SS7 and Diameter pentest covering remote fraud, tracking, or interception threats.

Deliverables

Interconnect firewall gaps and remote telco attack threat overview.

SIM & SMS security tests

Objective

We validate best practices around SIM cards, including file system permissions, applications, and check if binary SMS are correctly blocked.

Deliverables

SIM config gap analysis and SMS attack exposure overview.

RAN security check

Objective

We collect configuration parameters of RAN technologies over the air and compare them to GSMA/3GPP best practices.

Deliverables

Protection report for over-the-air intercept, impersonation/fraud, and IMSI catcher attacks.

IMS/RCS/VoLTE security tests

Objective

We test voice and messaging infrastructures for common configuration mistakes and adherence to security best practices.

Deliverables

Best practice violations report per infrastructure. Risk overview over all voice and messaging infrastructures.

Telco platform pentest

Objective

We find exploitable vulnerabilities in legacy networks, 5G, NFV and private cloud environments.

Deliverables

Gap analysis per telco node, end-to-end attack testing, and local telco attack threat overview.

Informed by a decade of research

SRLabs has been driving telco security evaluation for over a decade. Through our research into innovations like GSM intercept, tracking and impersonation, we have made an outsized impact across the telco ecosystem. It is crucial to have full understanding of the threat landscape, available technologies, and business demands. We weigh these risks for you and make clear recommendations.

Luca Melette at BlackHat 2019

Security Research Labs is a member of the Allurity family. Learn More (opens in a new tab)