October 8 2014

Security Audits & Testing Increasingly Important for Mobile Network Security

Both prelaunch security verifications and measurements of quality of experience are essential to assure future operator revenue

European mobile operators are currently preparing and verifying their core and radio networks for the introduction of voice and video calls and other innovative services over LTE.

Recently, at the LTE World Summit in which BlueTC participated, interesting possibilities for advanced services[1] were revealed in particular by Korean companies. Due to the transition from circuit switched networks to all-IP networks and a larger number of entry points than before, mobile operators are facing several new security risks and vulnerabilities which again call for new tools and solutions. This was mentioned in an earlier blog post by BlueTC on the same subject[2]. Another industry source states that while the operators are busy with this technological transition, “they aren’t fully aware of or focused on malicious actors”[3].

Even if the operators have secure IT infrastructure, as a result of thorough testing, we are now entering a new era where new applications and advanced services will be running on their mobile networks and systems. Thus, the full range of security aspects has still to be dealt with in-depth and in a comprehensive way by many operators, and the European ones have the opportunity to do this before initiating massive commercial launches, which is the ideal timing. One of these security aspects relates to new Voice over LTE (VoLTE) services.


Apart from verifying theoretical risks and performing tests, eg. PEN testing, operators with a VoIP (Voice over IP) or IMS system already in operation are recommended also to perform security audits as a first step to evaluate potential risks. This would provide a detailed security risk analysis and assessment with severity ranks. If the operator is in the stage of planning, selecting or rolling out a new IMS infrastructure, another option is to perform security testing before final decisions are taken.

Based on the results from the audit or the security testing, respectively, the operator can decide upon actions to be taken to implement the proper countermeasures of the threats and vulnerabilities identified.

A VoIP/IMS aware Intrusion Detection System (IDS) in combination with existing Session Border Controllers (SBCs) is a very cost efficient way of achieving a greater level of protection. This may provide an overview of the current situation and automatically list SIP anomaly messages and trigger alarms. An IDS system would also help operators automate actions plus shorten the problem detection and analysis phase. This would permit them to implement measures before customers are impacted.

The Added Value of Audits

As mentioned above, European operators already know their theoretical risks for new applications and services from internal information and testing, e.g. PEN testing.

The added value with performing a security audit is that only the audit will, via simulations of various kinds of attacks in a lab environment similar to live systems, be able to reveal potential risks, necessary for knowing the level of protection it really holds. These simulations are also the only way of knowing how the equipment and its configuration handle real treats and is therefore the closest an operator can come to a live situation.

The audit report should present potential threats and vulnerabilities ranked by severity and find their location in the systems which would simplify the selection of the optimal preventive actions. An audit may be executed internally if the operator has the resources and tools in-house or with assistance from specialist companies. As it requires highly trained engineers with ample experience from VoIP/IMS technology and in particular with its security aspects, specialist testing tools and the gathering of security incidents over a long period of time, it is more common that external companies perform the audits.

Why take preventive measures?

A solid amount of work has been done by the whole telecom sector, from the standardization organisations, the network equipment vendors, the device manufacturers to the operators in the complex and sensitive area of security. So why are additional security audits, testing and systems needed from the operator side, ideally before new services are launched in live systems? This is due to the new applications and services that are going to run on all-IP networks and that may, if not secure lead to degraded service performance.

For one, an early security diagnosis service helps operators to verify that the selected vendors’ equipment meets the high requirements and standards set, e.g. acceptance. The service will also verify if the security nodes are properly configured, detecting any loopholes due to accidental misconfigurations, all before launch.

It is normally more cost-effective to detect issues and vulnerabilities at an early stage of a project, e.g. lab, than to discover them during launch phase or even later in full production with growing volumes, facing real threats. This is also true when it comes to the image and trust of an operator with its customers.

Moreover, the fast uptake of LTE-subscribers, risk of infected smartphone devices being present and increasing interest from hacker communities etc., only makes mobile network security more important, and a reason to give security issues an even higher priority than they already have.

But maybe the most important fact that especially affects the VoLTE offering, is that voice services, being part of an operator’s core business, have to be secured from start. New services must not only be checked from the perspective of customer quality of experience but different network security aspects must also be an integral part of operator prelaunch verifications, as this will be increasingly important for assuring future revenue.

  1. The LTE World Series Blog: view link
  2. Peter Snygg, Solution Manager at Blue Telecom Consulting, has earlier written a more in-depth technical opinion article on this same issue, the BlueTC Blog: view article
  3. McAfee Whitepapers: view link


Leave a comment

Notify of
Inline Feedbacks
View all comments
Scroll to Top