Telecom Italia Mobile
Security Testing

The client

TIM is the unique brand of the Telecom Italia Group that operates in the market, through the strategy of shared value for the company and the community, offering fixed and mobile telephone services, the internet, digital content and cloud services. TIM, an enabler for the most innovative information and communication technologies, accompanies Italy towards the goal of full digitization, thanks to the realization of ultrabroadband network infrastructures and the dissemination of services of the latest generation.

As of December 31, 2017, TIM has about 11 million land line connections in Italy, of which more than 7.6 million are broadband accesses. In the Italian mobile market, TIM has over 30.7 million lines; In Brazil, with over 59.4 million lines, TIM Brasil is one of the largest telecommunications companies in the country.

Scarica il pdf della case history

Commodities Sector

TLC

Case history data

Telecom Italia turned to Betacom to carry out security testing activities in relation to different types of equipment, in particular modems and routers, miniDSLAM/OLT/UN and IoT. The type of test required is functional to the detection of vulnerabilities present on the apparatus and includes several areas.

Solutions adopted

In particular, the tests are necessary to highlight the presence of inadequately protected serial interfaces /JTAG, the presence of hidden accounts and debugging services, Code Injection and vulnerabilities related to failed sanitization of inputs. But not only that, through scans and the detection of vulnerable services it is possible to detect the presence of Security Misconfiguration in relation to the apparatus or services exposed, code injection and vulnerabilities related to the failure to sanitize inputs such as DNS Rebind, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), vulnerabilities related to the presence of inadequately protected APIs, and Sensitive Data Exposure vulnerabilities.

In addition, the systems were tested for unauthenticated pages in the Web GUI, any features hidden in the Web GUI, any vulnerabilities that allowed remote access or control of the apparatus, and vulnerabilities related to the firmware update process.

Benefits obtained

- Protection from cyber-attacks on the devices that the client enters on their market, both for the Business market and for the home market