VoIP and WebRTC
Security Articles and News
Articles and security news about vulnerabilities and attacks affecting VoIP and WebRTC by Enable Security.
Read the RTCSec newsletter
Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it
Published on Apr 20, 2020 in xmpp security, jitsi meet, research, webrtc security, default passwords
Executive summary (TL;DR) Jitsi Meet on Docker contained default passwords for important users, which could be abused to run administrative XMPP commands, including shutting down the server, changing the administrative password and loading Prosody modules. We also provide instructions on how to check for this issue if you administer a Jitsi Meet server. Background story A few days ago we noticed a tweet by @joernchen mentioning something that sounded familiar, Jitsi.…
Read more »How we abused Slack’s TURN servers to gain access to internal services
Published on Apr 6, 2020 in webrtc security, bug bounty, research, stunner
Executive summary (TL;DR) Slack’s TURN server allowed relaying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS. And we were awarded $3,500 for our bug-bounty report on HackerOne. A very brief introduction to the TURN protocol The Wikipedia page for this protocol is somewhat handy because it explains that: Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications.…
Read more »What’s up with SIPVicious PRO?
Published on Mar 30, 2020 in sipvicious pro, security tools
In the past 3 years we have been working on developing SIPVicious PRO during our work as penetration testers and in between engagements. Since our chief demolition officer, Alfred joined up with Enable Security, the development has had a much-needed push so that we started making it available to a limited number of companies that happen to be our clients. Today, we’re making version 6.0.0-alpha.4 available to our clients which includes Opus support, further support for SRTP and of course, a number of bug fixes.…
Read more »SIPVicious OSS 0.3.0 released
Published on Mar 10, 2020 in sipvicious oss, security tools, sipvicious releases
It’s been a few years since we released a new version of SIPVicious. Truth is, we were working on SIPVicious PRO which we started making available to some of our clients. Many people still use the open-source version of SIPVicious and it is included in various pentest Linux distributions, and definitely is useful to a number of people (especially after they change the user-agent string). And so, with the impending Python2 apocalypse, we decided to make a new release, porting SIPVicious OSS to Python 3 and including various updates that happened since 2015 in the master branch.…
Read more »If SIPVicious gives you a ring…
Published on Dec 10, 2012 in asterisk, cyber crime, sip security, sipvicious oss, security tools
Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on the social media and Google alerts for SIPVicious and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean twitter users (who have their service with KT, a VoIP service provider) complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on a Korean tech news site Boan News.…
Read more »