Telco technical

& business courses

available worldwide

LTE Security and Insecurity

2 days
security, fraud, engineers
available worldwide
Ask for offer

Who Should Attend?

This training is aimed at Telecom core engineers. In this course, the participant will learn about LTE 4G mobile network service, LTE security mechanisms, Evolved Packet Core network security and vulnerabilities, and potential LTE network problems. Finally, the participant will define a plan of study to become a LTE Network auditor.


Course Scope

  1. LTE Introduction.
  2. LTE Security Architecture.
  3. LTE Network Elements Overview, Security Roles, and Functions.
  4. LTE Communication Security, Cryptography, and Key Management.
  5. Study of LTE Protocols.
    • S1AP.
    • X2AP.
    • Diameter.
    • GTP-C.
    • GTP-U.
    • GTPv2.
    • GTP’.
    • NAS. 
  6. Typical Attacks on LTE Infrastructure.
  7. Recap of SS7 attack scenarios and comparison to 4G.
  8. Role of Legacy in LTE Security (CS Fallback, CSFB vs. VoLTE).
  9. Network elements and their functions: HSS, DRA/DEA, MME, PCRF, eNodeB, PGW, SGW.
  10. DRA remote and RCE compromise via Diameter.
  11. Vulnerabilities in VoLTE.
  12. Analysis of Network Elements and Vulnerabilities.
    • Generic LTE network element vulnerabilities.
    • Huawei LTE SAE EPC HSS: structure, vulnerabilities, and services.
    • Huawei LTE SAE RAN MME: role and attacks.
    • Ericsson LTE SAE RAN eNodeB: vulnerabilities, integration, provisioning, and hardware attacks.
    • Huawei LTE SAE EPC UGW (SeGW, S-GW, PDN GW): role and structure.
  13. Diameter Security and Comparison to SIGTRAN and Radius Protocols.
  14. Diameter Fuzzing and Scanning.
  15. Diameter in a Roaming Context.
  16. NAS Security, Protocol Review and Known Attacks.
  17. SCTP Protocol Basics, Scanning and Attack Acenarios.
  18. SGW – PGW Infrastructure and Design, and GTPv2 Scanning and Fuzzing.
  19. S1AP Interface Protocol Study and Known Vulnerabilities.
  20. Attack Scenarios over the S1AP Interface.
  21. Attacking O&M (OAM & Management) of Network Elements. 
  22. GRX / IPX Compromise Case Studies, Architecture and Design, and Known Vulnerabilities.
  23. Scenario of LTE Network Attack.
    • Radio-based; role of the subscriber.
    • Infrastructure-based, Transmission or RAN vector.
    • Internal-based attack.
    • Interconnect-based attack scenarios.
  24. The Next Steps to Becoming a LTE Network Auditor.


In order to fully understand the course, each participant needs:

  • Basic knowledge of Telecom & network principles:
    • 2G, 3G, and 4G.
    • OSI network layers.
    • Basic knowledge of Telecom technologies.
  • Laptop with Linux installed either in a VM or native, Backtrack or Ubuntu (reverse engineering and hacking tools recommended).
  • Good ability to use Wireshark.
  • Basic skills and usage of Linux for reverse engineering (strings, knowledge of tools in a Backtrack for reverse engineering). 
  • Legal IDA Pro license optional, but strongly recommended.


Training Structure

Two-day training divided into logical sessions.



Instructor-led training. Participants will receive evaluation access to a vulnerability scanner for Telecom infrastructure and a developer account for LTE mobile security platform.

Nearest Available Open Courses

07 November 2019
2 days
Paris, France
18 November 2019
2 days
Paris, France

Trainer was able to answer practical questions.

Mr. Daniel Krolikowski, Play Poland

Training provides useful methods to analyze real protocols.

Mr. Seema Karn, NCell Nepal

Perfect course.

Mr. Arseniy Mazanik, Beeline Russia

Professional, high-quality trainer.

Mr. Gagik Shatveryan, Vivacell

A lot of useful materials and knowledge.

Mr. Shukhrat Khaydar, UCell

The course exceeded my expectations. Hats off!

Mr. Adnan Syed, Mobily

More than excellent course!

Ms. Inessa Mijiferjyan, Vivacell

Very well organized training programmes.

Mr. Mihnea Teodorescu, Cosmote, RO

Experienced trainer. Real cases with references to recommendations.

Mr. David Curkan, T-Mobile Croatia

The trainer is capable of answering all my questions.

Ms. Ana Gheorghe, Vodafone RO

Good class notes and great examples.

Mr. Ghaffar Masood, Mobilink Pakistan

I received a lot of useful information which I use in my work every day.

Ms. Viktoriya Gusarova, Beeline RU

Training was above expectations!

Mr. Ariel Haxhiu, Eagle Mobile, AL

The training exceeded my expectations.

Ms. Irida Gjashta, AMC Albania

Unique training covering the most important areas of my work.

Mr. Eldar Mursaqulov, Azercell

I can proudly recommend these courses for others as well.

Mr. Tarvo Jammer, Elisa Estonia

Trainers have passion to teach & impart knowledge.

Mr. Kanchan Chitrakar, Ncell Nepal

Trainer is open for comments and discussion.

Ms. Natalya Nerubenko, Life Ukraine

I feel like the trainer is the best professor and mentor one can have.

Ms. Ledia Meici, AMC Albania

Experienced trainer. Excellent descriptions.

Mr. Ahmad Doar, Mobily, KSA

The best training ever.

Mr. Timur Zagretdinov, MTT Russia

Deep and detailed topic analysis.

Mr. Mohamed Sabry, Vodafone Egypt

Excellent course and instructor.

Mr. Nikolay Suetin, Beeline Russia

Excellent methodology of teaching. Simple and easy to understand training.

Mr. Arben Shabani, PTK Kosovo

Trainer adapted to the expectations of the audience.

Mr. Antoine Blanchet, Monaco Telecom

Excellent exercises!

Mr. Muhammad Ali, Mobilink Pakistan

Really practical and very fruitful training.

Mr. Niroj Raya, NCell Nepal

The whole course was very valuable.

Mr. Sayyid Ali, Dhiraagu Maldives

Excellent, knowledgeable trainer, open to communication.

Mr. Dmitrii Kropotov, Tele2 Russia

This course will be very useful in my daily work.

Mr. Leopoldino Ferreira, Unitel Angola

Very clear explanations.

Ms. Tatyana Krasyuk, Life Ukraine

A good approach to a complex problem.

Ms. Horia Catrinoiu, Vodafone RO

Course covers all important issues and presents relevant examples.

Mr. Mohamed Kamel, Vodafone Egypt

I am very impressed with the trainer's knowledge and experience.

Mr. Mouin Al Saghir, Vivacell

Overwhelming knowledge and expertise. Interactive and enjoyable learning.

Mr. Ashish Shrestha, NCell Nepal

Very effective training methods.

Ms. Erjona Xhemali, AMC Albania

Great teacher with deep knowledge and experience.

Mr. Philippe Wrzecionek, TATA

The training is completely excellent.

Mr. Philipp Korostelev, Beeline Moscow

Amazing, more than excellent, audience-oriented trainer.

Mr. Evgeniy Dmitriev, Astelit Ukraine

Seminar entirely for Telecommunication operators. A lot of issues covered.

Ms. Pinelopi Tragoudara, Vodafone GR

Everyone gets individual attention from the trainer.

Ms. Inga Tomsone, Tele2 Latvia

A clear picture of GSM switching and signalling.

Ms. Anette Chale, mCel Mozambique

The course covers all the impacted areas.

Ms. Gratia Scanteie, Vodafone, RO

Trainer understands local market experience.

Mr. Andrew Sweetman, Wataniya

Trainer understands local market experience.

Mr. Andrew Sweetman, Wataniya

Many different people from different operators can share their problems and ideas.

Mr. Omar El-Fiky, Vodafone Egypt

Excellent knowledge from the trainer.

Ms. Catherine Barman, Swisscom

Good direct connection between course material and real problems.

Mr. Alex Konstantopoulos, Cosmote, GR

Regardless of technology I received theoretical and practical answers.

Mr. Kosta Pribić, T-Mobile Croatia

Good logical structure of the course and explanation.

Ms. Elena Shevtsova, Beeline, KZ

Highly professional trainer with lots of practical experience. Friendly and open.