While the full text is typically restricted to GSMA members, technical overviews and summaries of its security recommendations are available through specialist telecom security providers like SecurityGen and Velona Systems .
GSMA FS.38, titled " SIP Network Security ," is a Permanent Reference Document (PRD) released by the GSMA Fraud and Security Group (FASG)
Operators realized they needed a way to assess, rate, and trust the devices begging access to their infrastructure. Thus, GSMA FS.38 was born—providing a standardized framework for IoT security assessments.
: Outlines potential SIP-based attacks including fraud, privacy breaches, and Denial of Service (DoS) attacks.
Actively attempting to exploit vulnerabilities to find weak spots. gsma fs.38
: Addressing vulnerabilities in SIP deployments, including those used in VoLTE and VoWiFi.
Provides the overarching "Baseline Security Controls" for the entire mobile ecosystem.
The utility now requires FS.38 certification for all future tenders. Fleet costs dropped 40%, and regulatory fines were avoided.
: The guidelines help operators address common telecom fraud types, including: Wangiri : One-ring-and-cut scams. While the full text is typically restricted to
By adhering to FS.38, operators can better defend against emerging "all-IP" threats, ensuring that as networks become more open and virtualized, they remain resilient against both traditional and sophisticated cyberattacks.
SIP messages frequently contain experimental headers, routing history, and user identity metrics. If an operator fails to sanitize these fields at the network boundary, bad actors can map the internal network topology or harvest (such as device specifications, operating system versions, and locations). 3. Toll Fraud and CLI Spoofing
is a security assessment standard published by the GSMA (Groupe Spéciale Mobile Association), the body that represents the interests of mobile network operators worldwide. The "FS" stands for "Fraud and Security," and the number 38 denotes its position within the series of GSMA security documents.
The document identifies and offers countermeasures for various threats, including: finds the person you're calling
Flooding IMS cores with SIP INVITE or REGISTER requests to crash telephony nodes.
About the Author: This guide is based on GSMA FS.38 v3.0 (March 2023). Always consult the latest version from the GSMA Association for any updates or amendments.
For a long time, telecom security was often treated as an afterthought—a problem to be solved after a network was built and launched. The industry historically operated on a model of implicit trust rather than the "zero trust" principles adopted in other areas of IT and cybersecurity.
SIP is the "waiter" of the telecommunications world. When you place a VoLTE call, SIP is the protocol that takes your order, finds the person you're calling, and sets up the "table" (the connection) so you can talk.