Penetration Testing Services

Penetration Testing

Search for vulnerabilities in your network

Mobileum’s penetration testing services

Mobileum’s Penetration Testing is a service that searches for weaknesses in your signaling network to avoid costly data breaches when delivering services to the end-users. Penetration test reports provide operators with the structured detail of the pen test audits after the engagement has completed, as well as recommendations to address issues they impact customers or the bottom line.

In-depth analysis of your telecom network security

See how your systems look from an external perspective and gain awareness when exposed to potential signaling attacks. A signaling audit performs a network assessment by generating Category1 (Prohibited messages), Category2 (Unauthorized messages), and Category3 (Suspicious messages) messages as defined in GSMA FS.11/12/19 specifications. Also, it simulates other types of attacks known by Mobileum experts, based on their vast experience working in the field for more than 750 global operators.

See how Mobileum can help protect & grow your business

Over 750 Telecom companies, in more than 150 countries, are scaling their business with Mobileum solutions.

Why conduct a penetration test?

Some situations, such as budgetary constraints, may impact the priority given to security initiatives. Don’t wait until the network becomes a victim of an attack to make a security assessment a priority. Consider market influences that may change or redirect intended plans, such as:
  • Reacting to the impact of a serious breach on a similar organization
  • Complying with a regulation or standard
  • Ensuring the security of new applications or significant changes to business processes
  • Managing the risks of using a higher number and variety of outsourced services
  • Assessing the risk of critical data or systems being compromised

What types of vulnerabilities can we discover?

The various types of attacks that are detected range from Subscriber tracking to profile discovery, subscriber tracking, profile discovery, interception of call, or impact to billing. The Mobileum pen testing solution addresses the following vulnerabilities:
  • CAT 1, 2 and 3 per FASG FS.11
  • Location tracking
  • MT Voice call interception / redirection
  • MO Voice call interception
  • MT SMS interception
  • Denial of service
  • Deny registration of mobile on the network
  • Denial of voice calls
  • Retrieve prepaid account balance for a subscriber
  • Transfer prepaid balance from one account to another using SMS/USSD (if this is available in operator)
  • Retrieve HLR profile of a subscriber registered in the home network
  • Denial of data service for a subscriber / in-roamer

Multiprotocol capability to detect signaling threats

The security problems underlying the signaling system are not only related to SS7 protocols; Diameter and GTP also have issues that need to be addressed. The Mobileum pen testing solution can test several protocols to correlate the information from multiple protocols and detect threats in the network. Mobileum’s solution can perform penetration testing using different protocols to validate how the CSP’s network behaves in a defined sequence of events.

The top 6 reasons why you should perform vulnerability & penetration testing

Identify security threats
Vulnerability and penetration testing will look to find all the underlying threats and drive you to solutions to protect the system. Advanced threat identification can help operators eliminate the chances of unauthorized access and protect assets at all costs.
Dodge penalties
Compliance failure or a data leak can lead organizations to pay penalties. Vulnerability and penetration testing eliminates underlying threats, helping businesses evade sanctions. Corporations can use the saved resources to improve services or put effort into managing the portfolio.
Improve brand reputation
Having control over the network and knowing that it is not vulnerable will lead to a positive brand reputation. With Mobileum’s vulnerability and penetration testing, operators can boast a safer network. Working under the badge of “secure,” there is a lot a communications service provider (CSP) can achieve.
Avoid service disturbances
Be it a security fault, a disruption in the application performance, or any other interference, conducting testing can assist in dodging service disturbances. The inability to identify any such errors may not only damage the organization’s reputation but also lead to a loss of loyal customers, incur unanticipated fines, and financial instability.
Evaluate current and future security Investments
Penetration testing can help to analyze the effectiveness of existing security products to provide the insights needed to address any known vulnerability that can put the business at risk.
Keep customer churn under control
Vulnerability and penetration testing provide invaluable peace of mind in knowing with greater certainty the security vulnerabilities of your company and avoiding client churn due to possible security threats.

Obtain support, education, and guidance from our experts on how to improve your network security.

What do we deliver as part of the pen testing?

Mobileum provides a vulnerability assessment from the operator network by connecting to their International and National STPs. The FASG group published FS.26, Guidelines for Independent Remote Interconnect Security Testing, which outline the specific tests to perform and those that should not be performed on a live network. Per the recommendation, Mobileum will not perform destructive tests that could affect subscribers that are not part of the test, nor an entire network element or the network as a whole. Apart from that, Mobileum will perform pen-testing according to GSMA FS.11/12/19 on SS7, Diameter, and GTP to detect vulnerabilities in the CSP’s network.

Smart security: Get the best of your firewall using penetration testing

Penetration testing is a way to test and validate the effectiveness of the CSPs signaling firewall. Mobileum provides operators the ability to test the network’s security and identify the key vulnerabilities and threats that the network and customers may be facing. As the leading provider for signaling firewalls, Mobileum provides a detailed report of the critical points to enhance and guidance on how to make those improvements.

Pen testing as a service (PTaaS)

Mobileum’s state-of-the-art pen testing solution can simulate the identity of a foreign network, creating a fictitious network to affect worldwide access. This way, Mobileum can push multiple SS7/Diameter/GTP messages toward the testing CSP from several external origins. The Mobileum pen testing solution selects a set of test subscribers and sends multiple unexpected SS7/Diameter/GTP signaling messages in an attempt to change or alter the normal behavior for these subscribers. With this method, every CSP can use pen testing as a service, without having the integration phase directly in its network.

Mobileum Security Intelligence Portfolio

Discover why CSPs all over the world, trust on Mobileum' solutions to implement a multilayered security program to prevent ongoing theft of subscriber data, and exposure of sensitive personal information.

Enhance IoT security as business differentiator

The Internet of Things will change the way we interact with everyday items such as vehicles, home appliances, and many other personal devices. However, these won’t be the only connected devices; the oncoming reality of smart cities and smart industry will bring critical facilities to the network, which will create a security niche in the network. Customers, businesses, and governments will put pressure on CSPs to provide bulletproof security. Mobileum’s pen testing is a critical tool that guards CSPs from the potential of security breaches and the resulting client churn and regulatory fines.

The Mobileum pen testing report

A crucial component of the testing is the results. Mobileum provides a post-test report that offers a plethora of information, including actionable data and a guide of recommendations. As part of the report, Mobileum will deliver:
  • Test methodology
  • Details of the vulnerabilities identified within the CSP’s signaling network
  • Conclusions regarding the level of security and overall network protection
  • Descriptions of the main areas of concern, including information regarding key areas that are at risk of being exploited
  • Recommendations to mitigate identified vulnerabilities

Increase your Network Security capability with our Security Intelligence portfolio products.

Cross-Protocol Signaling Firewall
Mobileum has a state-of-the-art signaling firewall as part of its security threat detection portfolio, protecting against malicious attacks under network signaling systems like SS7, CAMEL, Diameter, MAP, GTP, SIP and 5G HTTP/2.
SMS Firewall
Our SMS Firewall has a comprehensive set of features and functionalities that allow MNOs to fight grey route threats coming over signaling links, SIM farms and other bad actors having also the capability to provide MNOs with a safe, spam-free network environment that their subscribers can trust.
CLI Spoofing Fraud
Mobileum's fraud management systems are able to fight this deceptive practice, also known as 'CLI spoofing', intended to commit impersonation fraud, inter-carrier wholesale fraud, as well as to practice spam based on pre-recorded messages.