VoIP and WebRTC
Security Articles and News
Articles and security news about vulnerabilities and attacks affecting VoIP and WebRTC by Enable Security.
Read the RTCSec newsletter
ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak
Published on Oct 16, 2020 in conferences, sip security, sip security testing
ClueCon weekly is a regular video by the people behind Freeswitch and Signalwire, hosted by the very friendly David Duffet. I had the pleasure of recording an interview and a presentation with David a few weeks back. If you would like a summary of what the video chat was about, scroll down to the points below. Otherwise, hope you enjoy the chat as much as I did! Summary Here’s an outline of what went on:…
Read more »RTC Security chat at Kamailio World Online with Daniel and Olle
Published on Oct 5, 2020 in conferences, kamailio, voip security, webrtc security, sip security testing
It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions After introductions from Daniel, I took lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…
Read more »The great Kamailio security debate and some misconceptions debunked
Published on Sep 22, 2020 in kamailio, sip security
Introduction The Kamailio community has always been very welcoming to us since our first connection in 2015 where I gave a dangerous demo showing the open-source version of SIPVicious scanning the Internet and discovering all sorts of SIP devices. Since then, we’ve been contributing through presentations at Kamailio World each year, highlighting various security concerns for the RTC community and the occasional security report and advisory urging people to upgrade their Kamailio.…
Read more »Smuggling SIP headers past Session Border Controllers FTW!
Published on Sep 1, 2020 in kamailio, sip security, gasoline, sip security testing
Executive summary (TL;DR) SIP Header smuggling is a thing; in some cases it may be super-bad. It affected Kamailio and we have published a Github project to easily demonstrate and test this for yourself. Kamailio has since fixed the issue in release 5.4.0 but similar issues are likely to affect other SBCs. Usage of special SIP headers When it comes to trusted SIP networks, one of the primary ways that information is passed across different hops is through SIP headers.…
Read more »Kamailio World Online SIP and VoIP Security Panel
Published on Aug 27, 2020 in sip security, conferences, webrtc security, voip security, kamailio
On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World youtube channel! My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:…
Read more »Bug bounty bout report 0x01 - WebRTC edition
Published on Jun 16, 2020 in webtc security, bug bounty, stunner
Read the full report here. In April 2020, in between SIPVicious PRO development and pentesting VoIP and WebRTC, we dedicated some days to bug bounties and vulnerability disclosure programs to see what comes out of it. Our focus was on those that have WebRTC infrastructure in scope. In the end, we reported 3 vulnerabilities to 4 different vendors, for 6 different products. So finally, after making sure that the affected vendors have addressed these security issues and have agreed with publication, we are putting out a compiled report!…
Read more »Attacking a real VoIP System with SIPVicious OSS
Published on Jun 8, 2020 in sipvicious oss, security tools, sip security
Recently, we put out a target server on the Internet at demo.sipvicious.pro which hosts a Kamailio Server handling SIP over UDP, TCP, TLS as well as WebSockets. Behind that, the observant reader will soon discover that an Asterisk server handles the voicemail and echo services. This is actually a fully functioning (real) VoIP system that’s ready to be attacked. Therefore, in combination, these software packages allow us to reproduce a number of common security vulnerabilities affecting VoIP and WebRTC systems.…
Read more »SIPVicious PRO v6.0.0 alpha.5 available to our clients
Published on Jun 3, 2020 in sipvicious pro, security-tools, sipvicious releases
With great pleasure, we announce the availability of the v6.0.0-alpha.5 version of SIPVicious PRO. This is a major update since most of the promised feature-set of the existent modules is now available. While you are encouraged to read the release notes, the main highlights are the following: Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples and training purposes An extensive getting started page is now available, with instructions on how to use most of the modules Exit codes!…
Read more »A gentle introduction to caller ID spoofing
Published on May 7, 2020 in caller id spoofing, sip security
Introduction Phone and real-time communications systems in general make use of caller ID to indicate who is calling when a phone is ringing. Caller ID is that little number that shows up on your phone telling you that it is your boss calling. The number is often matched against your phone book to show an actual name. This feature is not only available on PSTN (public switched telephone network) but also in the VoIP systems that have been replacing it in the past dozen or so years.…
Read more »Awesome RTC hacking list published on Github
Published on Apr 29, 2020
We have been collecting lists of resources related to RTC security, namely VoIP, WebRTC and VoLTE which we just made available on our Github. Please contribute and share! So far, the list contains awesome links for the following topics: Presentation Slides Videos Advisories Open-source tools Papers Blogs Notable blog posts and articles Books Commercial tools Vulnerabilities Related lists So, what are we missing? Get in touch on Twitter or submit a pull request.…
Read more »