Telco Security
Harden your network across interconnect, RAN, and core
Leveraging an extensive expertise in mobile network hacking, SRLabs supports mobile networks worldwide in measuring hacking risks, selecting appropriate mitigations, and establishing effective security processes.

- Exposure scans
- Interconnect pentesting
- RAN security checks
Identify structural gaps
We validate that all claimed protection measures are effective in practice, usually after reviewing architectural documentation.
The hacker view
We analyze all possible entry points and focus on what really matters for hackers. Sometimes the most trivial paths are the most successful to compromise a network.
Mitigate effectively
We recommend meaningful risk mitigation measures and set the right priorities for each identified risk, leveraging existing technology and assessing what else needs to be acquired.
Our approach
We provide a holistic view on all vulnerabilities, first covering all network entry points and then going further into each internal network interface. We look for unnecessary exposure, configuration hardening issues, missing patches, and ineffective monitoring.
Exposure scan
Objective
We detect exposure of telco systems on two perimeters: Internet (IP) and Subscriber (IP over LTE).
Deliverables
Network segregation gap analysis and architecture gaps.
Interconnect pentest
Objective
SS7 and Diameter pentest covering remote fraud, tracking, or interception threats.
Deliverables
Interconnect firewall gaps and remote telco attack threat overview.
SIM & SMS security tests
Objective
We validate best practices around SIM cards, including file system permissions, applications, and check if binary SMS are correctly blocked.
Deliverables
SIM config gap analysis and SMS attack exposure overview.
RAN security check
Objective
We collect configuration parameters of RAN technologies over the air and compare them to GSMA/3GPP best practices.
Deliverables
Protection report for over-the-air intercept, impersonation/fraud, and IMSI catcher attacks.
IMS/RCS/VoLTE security tests
Objective
We test voice and messaging infrastructures for common configuration mistakes and adherence to security best practices.
Deliverables
Best practice violations report per infrastructure. Risk overview over all voice and messaging infrastructures.
Telco platform pentest
Objective
We find exploitable vulnerabilities in legacy networks, 5G, NFV and private cloud environments.
Deliverables
Gap analysis per telco node, end-to-end attack testing, and local telco attack threat overview.
Informed by a decade of research
SRLabs has been driving telco security evaluation for over a decade. Through our research into innovations like GSM intercept, tracking and impersonation, we have made an outsized impact across the telco ecosystem. It is crucial to have full understanding of the threat landscape, available technologies, and business demands. We weigh these risks for you and make clear recommendations.
