IMS Brings VoIP into Mobile Telephony - and with It All the Security Risks

Updated: January 07, 2011

OULU, Finland & CUPERTINO, Calif.--(BUSINESS WIRE)--Codenomicon, a leading vendor of security testing solutions, announced today that Ari Takanen, CTO of Codenomicon, will give a presentation on threat assessment and proactive defense against VoIP vulnerabilities at the 3GPP ETSI Release 8 IMS Implementation Workshop. The event will take place 24-25 November 2010, at the Sophia Antipolis technology park, in southern France.

Ari Takanen will give his presentation "Recommendations for VoIP and IMS Security" on Thursday, November 25th. He will talk about Voice over IP (VoIP) security threats, focusing on the attack surface analysis and threat assessment of IMS Release 8 architecture. The presentation is based on research and numerous audits on live IMS deployments across Europe performed during early 2010. Presentation also reviews results of selected security tests using test automation technique called fuzzing, which finds and identifies both known and unknown vulnerabilities in communication technologies. The presentation is partially based on the Securing VoIP Networks book Ari Takanen wrote together with Peter Thermos.

"Modern telecommunication networks are not bug free, but as the legacy mobile networks were mostly closed, nobody could access the vulnerabilities," says Ari Takanen.

"With the introduction of IMS and VoIP, these networks are suddenly connected to the Internet and exposed to all the same threats that the open Internet is known for, and all those hacking tools that are widely available there."

Involvement with standards bodies is critical for Codenomicon, who works with 200+ communication technologies across industries. The ETSI 3GPP conference gathers leading software testing experts, and both vendor and operator executives together to share experiences and best practices around IMS implementations and deployments. The purpose for Codenomicon is to share its insight for future needs for IMS network testing, and to demonstrate the strength of its model-based testing and security validation techniques.

About Codenomicon Ltd

Codenomicon develops security and quality testing software, which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to mitigate threats, like Denial of Service (DoS) situations and Zero Day Attacks, which could increase liability, damage business reputation and cripple sales. Codenomicon is a member of the SDL Pro Network. For more information, visit www.codenomicon.com.