Updated on: December 5, 2024
SafetyDetectives recently had the opportunity to interview Philippe Langlois, Founder and CEO of P1 Security, a pioneering leader in telecom security. With a career spanning decades and a passion for safeguarding critical infrastructure, Langlois has been instrumental in addressing vulnerabilities in mobile networks worldwide. Since its founding in 2011, P1 Security has evolved into a global powerhouse, providing specialized solutions to secure telecom operators and nation-states’ mobile infrastructure against ever-evolving cyber threats. In this interview, Langlois shares insights into the company’s journey, emerging challenges in telecom security, and the cutting-edge innovations shaping the future of secure communication.
What inspired you to start P1 Security, and how has the company evolved since its founding?
I’ve always had a passion for security, having founded companies like Qualys and Intrinsec. One day at Qualys, a Telecom customer congratulated us about the results on IP address ranges we scanned, and asked if we could do the same with its SS7 number ranges. This was clearly out of the scope of Qualys, but still an interesting research area. When out of Qualys and doing security research, part of my focus went on Telecom and Mobile backbones. I then observed the significant gaps in mobile network security and it became clear to me that we needed a specialized approach to protect operators and nation-states’ critical mobile infrastructure from cybersecurity threats and attacks. Part of this research became P1 Security. Since our founding in 2011, P1 Security has evolved into a global leader in telecom security, delivering over 300 projects, both service and products, to top telecom operators worldwide. Our focus on combining software solutions, human expertise, and consulting services has allowed us to grow and meet the unique needs of our clients, ensuring their telecom networks and subscribers are secure for legal, financial, technical, and reputational reasons.
Can you share a little about P1 Security’s mission and how it aligns with current trends in mobile and telecom security?
Our mission is to help operators and the telecom industry secure their mobile networks, particularly by protecting operators and nation-states’ critical mobile infrastructure. As we face evolving cybersecurity threats, it is imperative to protect these networks and their subscribers. Some customers are more about protecting critical infrastructure, some others are more focused on compliance or liability issues toward their enterprise customers and subscribers. We provide unique telecom security solutions that help assess, monitor, understand, and fix telecom security issues, ensuring that our clients can effectively navigate both legacy and current trends, including the rise of IoT and 5G technologies. By securing the infrastructure and applications that support telecom services, we make the Telecom Security Life Cycle a reality for our clients.
What are the most common vulnerabilities in SS7, Diameter, and SIP networks, and how does P1 Security address them?
In SS7, Diameter, and SIP networks, a lot of vulnerabilities that lead to unauthorized access, data interception, and signaling fraud are linked to the design of these protocols themselves. A lot of the features that mobile networks use, notably in interconnection and roaming, can be leveraged by attackers to perform attacks . These vulnerabilities can pose significant risks to telecom operators and nation-states, impacting their ability to protect subscribers. At P1 Security, we address these issues with our mobile-focused vulnerability assessments and penetration testing across core and access networks. Our vulnerability scanner, PTA (P1 Telecom Auditor) is designed to scan and identify protocol-specific vulnerabilities, while our constantly updated VKB (Vulnerability Knowledge Base) ensures that we provide our clients with the latest information to effectively secure their networks and mitigate potential threats.
How has the integration of IoT devices impacted telecom security, and what steps should companies take to secure these connected systems?
In Iot Security, the security of the device itself and of the application servers supporting the IoT device is an area of concern. Enterprises using IoT usually know about this part. Now there is another part which is usually the unadressed or unaudited domain: it’s the security of the IoT device fleet within the operator: Can the IoT fleet security be compromised by manipulating the operator’s infrastructure? Can the operator’s own security be affected by takeover of the IoT device fleet? These questions are usually much less understood, yet are a vital component of IoT security. We help both enterprises and operators get a good grasp on this. Many operators are still oblivious to hundred thousands of IoT devices with SIM cards that could be leveraged to conduct denial of service on their infrastructure, and that’s terrible.
What are some misconceptions that organizations have about telecom security, and how does P1 Security help address them?
The first misconception is that the mobile network is secure by default. That’s just plain wrong. Some operators are actually building and delivering Secure Operators or Value Added Security to their Enterprise customers in order to support both commercial, governmental but also general public subscribers usage. First P1 Security gives visibility into this problem from whatever perspective you are in : Government or Regulator, Operator, or Enterprise. Then we help improve the security of the operator(s) and of the mobile applications and IoT solutions.
What new developments or solutions is P1 Security working on that you’re particularly excited about?
We’re currently focusing on several exciting developments. Our OTP (Online Training Platform) has experienced a surge in demand notably relating to 5G Security Training, prompting us to introduce new training seminars and webinars that will enhance our offerings. Additionally, we are developing a powerful new version of our PTM (P1 Telecom Monitor) in the next months, which will significantly improve detection and monitoring capabilities. Our VKB (Vulnerability Knowledge Base) is also rapidly expanding, with over 5 new vulnerabilities added each month, ensuring our clients stay informed about the latest threats. Lastly, we’re building integrated software for 5G Security that helps both operators and enterprises assess their security. Together, these initiatives reflect our commitment to securing operators and nation-states’ critical mobile infrastructure, helping them defend against cybersecurity threats while ensuring the integrity of the telecom services that billions rely on.