RTC security
Newsletter
Curated VoIP and WebRTC security news, research and updates by Enable Security.
October 2024: WebRTC app vulnerabilities at DEF CON 32, SIP URI security, VoIP product fixes
Published on Oct 25, 2024
Welcome to this 3rd anniversary edition of the RTCSec newsletter! In this edition, we cover:
- our news, including 3 years of newsletter and a new white paper about a WebRTC implementation vulnerability
- coverage of DEF CON 32 talks that mention WebRTC, a fake FBI-run phone company and SIP URI parsing vulnerabilities
- various vulnerabilities fixed in Cisco ATA devices, Mitel, VICIDial, and more
The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
September 2024: OWASP in San Francisco, WebRTC, Telco security and much more
Published on Sep 30, 2024
Writing this one from San Francisco, instead of our usual headquarters in Bavaria, Germany - right after the OWASP and ThreatModCon conferences. In this edition, we cover:
- Our news about the conferences, talks and OWASP getting into WebRTC security
- Telco security: VoLTE vulnerabilities as well as SS7 hacking
- Vulnerabilities in Asterisk, Cisco, Mitel and much more
The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
August 2024: WebRTC security at OWASP Global AppSec, WebRTC RCE technical posts and new talks
Published on Aug 16, 2024
We’re sending this out a bit earlier than usual as some of us will be taking some time off soon. See you next month! In this edition, we cover: Our latest presentation for OWASP 2024 Global AppSec. An intriguing blog series by Margin Research on synthetic vulnerabilities in Signal-iOS’s WebRTC. Updates on new Cisco phone vulnerabilities that won’t be fixed, and a recently addressed Asterisk AMI vulnerability. A brief overview of notable presentations from Blackhat, DEF CON, and BSidesLV that might interest the RTCSec newsletter audience.…
July 2024: WebRTC flaws that suddenly appear out of nowhere, hardphone security and more!
Published on Jul 31, 2024
Welcome to the July edition of your favorite VoIP and WebRTC security newsletter. While many are slowing down this time of year, we are ramping up our efforts. In this edition, we cover:
- Much news from us, including a podcast, pentesting and OWASP ASVS
- WebRTC project vulnerabilities that were previously hidden
- Hardware phone security research and exploitation
- Low-latency VoIP Security Analytics and Anonymization challenges and Twilio troubles
The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
June 2024: WebRTC security specs that need fixing and vulnerable VoIP firmware and WebEx
Published on Jun 28, 2024
Welcome to the June 2024 edition of the RTCSec newsletter, covering VoIP and WebRTC security news and related topics. In this edition, we cover:
- Our latest publication on our blog about WebRTC vulnerabilities
- Cisco WebEx’s seemingly obvious vulnerabilities and their effect on military and political entities
- Security fixes in Chrome, affecting WebRTC
- Vulnerabilities in Mitel phones, sngrep, and… iTunes?
- And more!
The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities
Published on May 31, 2024
It is already the end of May, and we have a packed newsletter this month! In this edition, we cover:
- Our upcoming presentation about the DTLS ClientHello DoS vulnerability
- Vulnerabilities fixed in Asterisk, ALU and Cisco phones and more
- RCS phishing attempts and a Pre-War Reality Check and VoIP resilience
- New features from Kwanlabs SIP Open Relay tester
- A talk about STIR/SHAKEN privacy concerns
- Short news covering fax, physical access control vulnerabilities and honeypots
The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
April 2024: Kamailio security, Mitel, sngrep and Grandstream vulnerabilities and more
Published on Apr 30, 2024
Welcome to the April edition of the VoIP and WebRTC security monthly newsletter. In this edition, we cover:
- Kamailio World 2024 review
- Our short and longer presentation on insecure Kamailio configuration patterns
- Changes to the newsletter
- Updates to T-Pot honeypot, sngrep security fixes, Mitel IP Phone vulnerabilities
- New security course on WebRTC by BlogGeek.me
- And some more!
RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
March 2024: Webex leak, WhatsApp and Apple WebRTC vulnerabilities
Published on Mar 28, 2024
Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. This one’s a short one. In this edition, we cover:
- German military phone call leak and Webex
- WhatsApp’s past VoIP stack vulnerabilities and preventing future exploits
- Security fixes in Apple’s WebRTC framework and baresip
- WebRTC podcast covers security with Tsahi Levent-Levi
RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
February 2024: manipulating audio using LLM, malware using CPaaS and WebRTC security
Published on Feb 29, 2024
Special day today, being a leap year! In other news, this month brought quite a bit of written content of interest to the VoIP and WebRTC security community, which we’re covering here:
- Generative AI on live audio conversations (sorry!)
- Vulnerabilities affecting Yealink, WebRTC and OpenScape
- Hardening WhatsApp’s VoIP library and new mobile malware using CPaaS
- WebRTC related security content courtesy of Staex, Mozilla and Fonoster
- FCC rules affecting VoIP providers and telcos
RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
January 2024: Critical WebRTC, CUCM and SIP ALG security fixes - fuzz it all and disable stuff
Published on Jan 31, 2024
Fresh new year, fresh VoIP and WebRTC security news! Welcome to this newsletter, write back if you find it useful. In this edition, we cover:
- TLS key logs, Kamailio and security tools
- Chromium’s WebRTC vulnerability CVE-2023-7024
- The usual warning about SIP ALG
- Critical vulnerabilities fixed in Cisco’s Unified Communications products
RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…