Skip to main content

RTC security
Newsletter

Curated VoIP and WebRTC security news, research and updates by Enable Security.

Subscribe
a phone receiver being crushed by a hand

    December 2024: Wrap-Up & Latest VoIP and WebRTC Security News

    Published on Dec 19, 2024

    While others curl up with holiday classics, treat yourself to some light reading about security breaches, vulnerabilities, and cyber threats in our final RTCSec newsletter of 2024! 🎄 In this edition, we cover: A bit of bragging: our 2024 contributions and achievements in RTC security The best & worst of VoIP and WebRTC Security in 2024 Report of the Grandstream Device Management System (GDMS) compromise Recently patched vulnerabilities in Mitel and Matrix systems TADSummit podcasts on cybersecurity and a brief overview of the Salt Typhoon phone company breach The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about December 2024: Wrap-Up & Latest VoIP and WebRTC Security News

    November 2024: Breaking VoIP & WebRTC – Exploits, Vulnerabilities, and Shodan Insights

    Published on Nov 29, 2024

    Welcome to the November issue of your favourite VoIP and WebRTC security newsletter! In this edition, we cover: Exploitation of Messenger from Meta and the internals of this application. Vulnerabilities in WebRTC, Poly Video Conferencing systems, Cisco phones, Qualcomm DSP video codecs. VoIP devices on the Internet, Shodan has you covered. The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…

    Read more about November 2024: Breaking VoIP & WebRTC – Exploits, Vulnerabilities, and Shodan Insights

    October 2024: WebRTC app vulnerabilities at DEF CON 32, SIP URI security, VoIP product fixes

    Published on Oct 25, 2024

    Welcome to this 3rd anniversary edition of the RTCSec newsletter! In this edition, we cover: our news, including 3 years of newsletter and a new white paper about a WebRTC implementation vulnerability coverage of DEF CON 32 talks that mention WebRTC, a fake FBI-run phone company and SIP URI parsing vulnerabilities various vulnerabilities fixed in Cisco ATA devices, Mitel, VICIDial, and more The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about October 2024: WebRTC app vulnerabilities at DEF CON 32, SIP URI security, VoIP product fixes

    September 2024: OWASP in San Francisco, WebRTC, Telco security and much more

    Published on Sep 30, 2024

    Writing this one from San Francisco, instead of our usual head quarters in Bavaria, Germany - right after the OWASP and ThreatModCon conferences. In this edition, we cover: Our news about the conferences, talks and OWASP getting into WebRTC security Telco security: VoLTE vulnerabilities as well as SS7 hacking Vulnerabilities in Asterisk, Cisco, Mitel and much more The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about September 2024: OWASP in San Francisco, WebRTC, Telco security and much more

    August 2024: WebRTC security at OWASP Global AppSec, WebRTC RCE technical posts and new talks

    Published on Aug 16, 2024

    We’re sending this out a bit earlier than usual as some of us will be taking some time off soon. See you next month! In this edition, we cover: Our latest presentation for OWASP 2024 Global AppSec. An intriguing blog series by Margin Research on synthetic vulnerabilities in Signal-iOS’s WebRTC. Updates on new Cisco phone vulnerabilities that won’t be fixed, and a recently addressed Asterisk AMI vulnerability. A brief overview of notable presentations from Blackhat, DEF CON, and BSidesLV that might interest the RTCSec newsletter audience.…

    Read more about August 2024: WebRTC security at OWASP Global AppSec, WebRTC RCE technical posts and new talks

    July 2024: WebRTC flaws that suddenly appear out of nowhere, hardphone security and more!

    Published on Jul 31, 2024

    Welcome to the July edition of your favorite VoIP and WebRTC security newsletter. While many are slowing down this time of year, we are ramping up our efforts. In this edition, we cover: Much news from us, including a podcast, pentesting and OWASP ASVS WebRTC project vulnerabilities that were previously hidden Hardware phone security research and exploitation Low-latency VoIP Security Analytics and Anonymization challenges and Twilio troubles The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about July 2024: WebRTC flaws that suddenly appear out of nowhere, hardphone security and more!

    June 2024: WebRTC security specs that need fixing and vulnerable VoIP firmware and WebEx

    Published on Jun 28, 2024

    Welcome to the June 2024 edition of the RTCSec newsletter, covering VoIP and WebRTC security news and related topics. In this edition, we cover: Our latest publication on our blog about WebRTC vulnerabilities Cisco WebEx’s seemingly obvious vulnerabilities and their effect on military and political entities Security fixes in Chrome, affecting WebRTC Vulnerabilities in Mitel phones, sngrep, and… iTunes? And more! The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about June 2024: WebRTC security specs that need fixing and vulnerable VoIP firmware and WebEx

    May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities

    Published on May 31, 2024

    It is already the end of May, and we have a packed newsletter this month! In this edition, we cover: Our upcoming presentation about the DTLS ClientHello DoS vulnerability Vulnerabilities fixed in Asterisk, ALU and Cisco phones and more RCS phishing attempts and a Pre-War Reality Check and VoIP resilience New features from Kwanlabs SIP Open Relay tester A talk about STIR/SHAKEN privacy concerns Short news covering fax, physical access control vulnerabilities and honeypots The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities

    April 2024: Kamailio security, Mitel, sngrep and Grandstream vulnerabilities and more

    Published on Apr 30, 2024

    Welcome to the April edition of the VoIP and WebRTC security monthly newsletter. In this edition, we cover: Kamailio World 2024 review Our short and longer presentation on insecure Kamailio configuration patterns Changes to the newsletter Updates to T-Pot honeypot, sngrep security fixes, Mitel IP Phone vulnerabilities New security course on WebRTC by BlogGeek.me And some more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about April 2024: Kamailio security, Mitel, sngrep and Grandstream vulnerabilities and more

    March 2024: Webex leak, WhatsApp and Apple WebRTC vulnerabilities

    Published on Mar 28, 2024

    Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. This one’s a short one. In this edition, we cover: German military phone call leak and Webex WhatsApp’s past VoIP stack vulnerabilities and preventing future exploits Security fixes in Apple’s WebRTC framework and baresip WebRTC podcast covers security with Tsahi Levent-Levi RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

    Read more about March 2024: Webex leak, WhatsApp and Apple WebRTC vulnerabilities

    Subscribe

    Receive high-quality, low-volume RTC security research, news and occasional updates about what we're up to.

    Interested in our services? Let's collaborate.
    Get in touch

    We hate spam and are committed to protecting and respecting your privacy. You can unsubscribe from our communications at any time. By subscribing, you are agreeing to the Privacy Policy.