RTC security audits
and penetration testing
We’ll find the cracks in your real-time communications security so that they can be addressed or mitigated.
Are you building VoIP / WebRTC infrastructure or applications?
Most pentests target webapp and network infrastructure while missing the vulnerabilities that matter most. Focus on RTC security is critical when testing such systems. For this, we have developed dedicated tools, security testing methodology and expertise.
Penetration
testing
Code and config analysis
DDoS
testing
Fuzz
testing
If you are looking for excellence when testing critical RTC systems:
work with us
We understand that our work requires mutual trust. Since getting established in 2008, we have contributed to organisations large and small by performing hundreds of pentests and security audits. Not only is it important to provide valuable and quality results, it is equally essential to maintain communication and transparency before, during and after our engagements.
In the course of our work, we have tested various IP PBXs, presence systems, telecom infrastructure and WebRTC servers together with related applications and network infrastructure.
Our customers
While we do not make a habit of publicly naming customers to respect their confidentiality, the following are some of our typical customers.
- Service providers, telecoms and mobile operators
- VoIP/IMS and WebRTC vendors
- Communications platform as a service (CPaaS)
- Video conferencing platforms
- Contact center platforms
Some of the
things we have broken
Session Border
Controllers (SBCs)
Kamailio, OpenSIPS,
Audiocodes, Sonus SBC
IP PBX servers
Asterisk, FreeSWITCH, Avaya Aura,
Cisco Unified Communications
Media servers
RTPEngine,
Proprietary solutions
Mobile softphones
Cisco (Broadsoft) Communicator, Avaya IP-Office and one-X Communicator,
Custom solutions
IM/Presence
systems, XMPP servers
Ejabberd, OpenFire, Prosody
Telecom solutions and
Unified Communications systems
Broadworks (Cisco)
Customer
premises equipment (CPE)
DSL, Cable modems, SIP gateways
Hardware phones and
conference call equipment
Proprietary solutions
WebRTC media gateways
Janus, Mediasoup, Proprietary solutions
TURN servers
Coturn
SMPP, MM4 servers
OpenSMPP, Kannel, Cloudhopper
Wide range of RTC
protocols and test coverage
While we frequently tailor our security audit methodology and tools to suit
specific requirements, we cover a wide variety of RTC protocols and test cases as standard
SIP
RFC 3261, 3264, 3265,
3665, 4568, 5621, 8760
- Call relaying / dialplan security bypass
INVITE
flood (INVITE
of death) /REGISTER
flooding Denial of Service (DoS)- SIP extension enumeration
- SIP digest leak attacks on vulnerable SIP endpoints and SIP proxies
- SIP routing vulnerabilities
- SIP header injection / smuggling tests
- Caller-ID spoofing
- SIP online cracking / password bruteforce
- Injection tests, for SQL injection / other injection vectors introduced through SIP
- Authentication bypass testing
- Show 7 more
STUN, TURN
RFC 5389, 7350,
8489, 5766, 8656, 6062
- TURN proxy abuse testing
- SIP TLS (RFC 3261, 5630)
- SIP TLS configuration review to identify TLS related weaknesses
- ICE (RFC 8445)
- Private IP leak
RTP
RFC 3550, 3711, 5761
- RTP Flooding Denial of Service (DoS), especially targeting recording systems
- Media encryption tests, especially targeting SRTP, SDES and DTLS
- RTP bleed and RTP injection attacks
- Call interception, eavesdropping due to lack of media or signalling encryption
DTLS
RFC 6347, 5763, 5764
- DTLS Denial of Service (DoS)
- Certificate handling
- Weak ciphers
- Information disclosure vulnerabilities
SMPP
version 3.4
- Fuzzing
- Reconnaissance
- Caller-ID spoofing
- Denial of Service tests
XMPP
RFC 6120, 6121
- Attacks against XMPP servers
- Attacks against XEPs (XMPP protocol extensions)
Software-specific tests
- Asterisk / Kamailio / OpenSIPS security configuration review
- Known and unknown vulnerabilities affecting target products / software packages
- Dialplan injection attacks and other attacks specific to the platform’s dialplan handling
- Provisioning security tests on TFTP, FTP, and HTTP protocols
- Show 2 more
Standard security tests
- In the case of local network infrastructure, VLAN hopping may be required
- Web application security tests
- OWASP Top 10 vulnerabilities
- SQL injection, LDAP injection, blind cross-site scripting (XSS) and other types of injection
- API security testing
- Show 2 more
Interested in working with us?
Get in touch to find out more.