Skip to main content

RTC security
Newsletter

Curated VoIP and WebRTC security news, research and updates by Enable Security.

Subscribe
a phone receiver being crushed by a hand

February 2024: manipulating audio using LLM, malware using CPaaS and WebRTC security

Published on Feb 29, 2024

Special day today, being a leap year! In other news, this month brought quite a bit of written content of interest to the VoIP and WebRTC security community, which we’re covering here: Generative AI on live audio conversations (sorry!) Vulnerabilities affecting Yealink, WebRTC and OpenScape Hardening WhatsApp’s VoIP library and new mobile malware using CPaaS WebRTC related security content courtesy of Staex, Mozilla and Fonoster FCC rules affecting VoIP providers and telcos RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more about February 2024: manipulating audio using LLM, malware using CPaaS and WebRTC security

January 2024: Critical WebRTC, CUCM and SIP ALG security fixes - fuzz it all and disable stuff

Published on Jan 31, 2024

Fresh new year, fresh VoIP and WebRTC security news! Welcome to this newsletter, write back if you find it useful. In this edition, we cover: TLS key logs, Kamailio and security tools Chromium’s WebRTC vulnerability CVE-2023-7024 The usual warning about SIP ALG Critical vulnerabilities fixed in Cisco’s Unified Communications products RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…

Read more about January 2024: Critical WebRTC, CUCM and SIP ALG security fixes - fuzz it all and disable stuff

December 2023: Round-up of this year’s VoIP and WebRTC security news, and DTLS hello race flaw

Published on Dec 22, 2023

It’s the end of the year and if you are still reading your emails, make sure to read this one! Wish you all restful holidays and a happy New Year! In this edition, we cover: our community contributions for 2023 and our new security advisories the best and the worst of 2023 Asterisk and 3CX vulnerabilities and a few more news items but not that much this time! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more about December 2023: Round-up of this year's VoIP and WebRTC security news, and DTLS hello race flaw

November 2023: Advisories for VoIP systems and devices, WebRTC privacy and spying on your calls

Published on Nov 30, 2023

Welcome to the November edition of your favorite IP Communications Security Newsletter! In this edition, we cover: Asterisk fixing a PPE in their Github Cyber-criminals listening on telecommunications systems to learn how they were caught ARM’s MTE is going to protect your smartphones - Google Project Zero’s blog post about it Privacy and security of video conferencing on WebRTC LIVE And much more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more about November 2023: Advisories for VoIP systems and devices, WebRTC privacy and spying on your calls

October 2023: security theatre and PBX hacking, plus last month’s advisories

Published on Oct 26, 2023

It’s the moment you’ve eagerly anticipated, that special time of the month. Yes, end of the month means salary time for many, and Halloween - but also - your favorite newsletter is out and about! In this edition, we cover: A presentation by good pseudonym at DEF CON about PBX and UC hacking The drama that ensued with regards to FreePBX vulnerabilities How our customers are enjoying access to the Attack Platform Security fixes in WebRTC and Skype for business Short news including MiTM attacks on XMPP, monthly vulnerability fixes and much more!…

Read more about October 2023: security theatre and PBX hacking, plus last month's advisories

September 2023: Security advisories, SIP & DTLS-SRTP interoperability and 5G infra attacks

Published on Sep 29, 2023

Welcome to the September edition of the VoIP and WebRTC security newsletter, RTCSec news! In this edition, we cover: our news, including the WebRTC & Video Delivery presentation we gave at CommCon, OpenSIPIt and our Attack Platform security fixes in FreeSWITCH, OpenScape, Stormshield and DLINK phones GPRS Tunneling Protocol user-plane (GTP-U) abuse, Signal upgraded for quantum computing and SBOMs RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more about September 2023: Security advisories, SIP & DTLS-SRTP interoperability and 5G infra attacks

August 2023: Join OpenSIPit, learn about Zoom, Skype vulnerabilities, and more

Published on Aug 31, 2023

Hope you had some lovely holidays in August! And if not, what are you waiting for? This month we’re keeping the short news section and inviting people to participate in the upcoming edition of OpenSIPit! In this edition, we cover: our latest news and how to keep us in business Android security - 2G and VoLTE Zoom and AudioCodes vulnerabilities revealed at Blackhat Skype IP leak and how this is more common in RTC than assumed Memory corruption in Qualcomm chipsets handling VoLTE EVS audio (CVE-2022-40510) RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more about August 2023: Join OpenSIPit, learn about Zoom, Skype vulnerabilities, and more

July 2023: VoIP and WebRTC attack surface, pentesting for 2023 and VoIP DDoS attacks

Published on Jul 28, 2023

Welcome to the July edition of the RTC security newsletter! For this month, we brought back the short news section making this edition a bit shorter than usual. Do you prefer the longer form or is this more to your liking? In this edition, we cover: Our own recent presentation about the VoIP and WebRTC application attack surface Booking us for your pentest this year and our involvement with the upcoming OpenSIPIt DDoS threat report and VoIP SentryPeer news, STIR/SHAKEN problems and malware using RTC!…

Read more about July 2023: VoIP and WebRTC attack surface, pentesting for 2023 and VoIP DDoS attacks

June 2023: Talks on VoIP security, WebRTC server-side attacks and WISH/WHIP

Published on Jun 30, 2023

It is finally conference season and so this newsletter covers 3 different events focused on RTC and opensource communications as well as the latest and greatest security fixes related to VoIP and WebRTC. In this edition, we cover: Kamailio World, CommCon and OpenSIPS summit presentations of interest Our own work especially on WebRTC and WISH (WHIP) security More open SIP relay attacks in the wild DDoS, botnets and VoIP RTC vulnerabilities and fixes in MacOS, iOS, WebRTC and more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more about June 2023: Talks on VoIP security, WebRTC server-side attacks and WISH/WHIP

May 2023: RTC conferences, advisories for Cisco, Mitel, sofia-sip

Published on May 31, 2023

Welcome to the May edition of the monthly VoIP and WebRTC security newsletter! In this edition, we cover: Kamailio World in Berlin and CommCon in the UK Open Source Telecom Software Survey 2023 Asterisk PBX and ASAN compilation SIP-based vulnerabilities in Shannon Baseband vulnerabilities many more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…

Read more about May 2023: RTC conferences, advisories for Cisco, Mitel, sofia-sip