VoIP and WebRTC
Security Articles and News
Articles and security news about vulnerabilities and attacks affecting VoIP and WebRTC by Enable Security.
SIPVicious PRO experimental now supports STIR/SHAKEN and 5 new tools
Published on Jul 6, 2022 in sip security, sipvicious pro, sip security testing, sipvicious releases
We just made two builds available to our SIPVicious PRO members. One is called the stable build, while the other is the experimental build. The v6.0.0-beta.5 stable build includes a large number of fixes, much better (or sane) defaults and full coverage of SRTP throughout the toolset. The experimental version is where the excitement is. Our members now have access to 5 new tools that we find useful in our work:…
We’re hiring a pentester / security researcher
Published on May 4, 2022
Do you know anyone who would like to join the team at Enable Security as a pentester / security researcher? We have a remote open position for the right person. We are mainly looking for someone full-time but persons interested in joining us part-time should also apply. More details can be found at the actual hiring page.…
Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
Published on Apr 8, 2022 in denial of service, demo server, freeswitch, asterisk, webrtc security, kamailio, sipvicious pro
Executive summary (TL;DR): Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE! How I got social engineered into looking at CVE-2022-0778: A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?” He explained how in the context of WebRTC it would be a bit difficult since you need to get signaling right, ICE (that dance with STUN and other funny things) and finally, you get to do your DTLS scans.…
Killing bugs … one vulnerability report at a time
Published on Oct 29, 2021 in freeswitch, voip security, conferences, denial of service, sipvicious pro
Executive summary (TL;DR): We tell the story behind the latest FreeSWITCH advisories and how it all came together one sleepless night in April 2021 so that we ended up with 4 vulnerabilities that needed reporting. And then, one more vulnerability found due to a bug in our own software, SIPVicious PRO. We explain how these flaws were discovered, reported, fixed and what we ultimately learned through this process. What is this about?…
One presentation at ClueCon and five security advisories for FreeSWITCH
Published on Oct 25, 2021 in freeswitch, voip security, conferences, denial of service, sipvicious pro
The FreeSWITCH team has just published version v1.10.7 which fixes a number of security issues that we reported. If you use FreeSWITCH, please do upgrade to get these security updates. To learn about the background work that went into getting these security bugs squashed, follow Sandro’s talk called Killing bugs … one vulnerability report at a time. This will be presented at ClueCon on Thursday, October 28th. Here are the titles of each advisory and a very short summary:…
Why volumetric DDoS cripples VoIP providers and what we see during pentesting
Published on Oct 13, 2021 in denial of service, voip security
An epiphany: Until a few days ago, I was of the opinion that simulating volumetric DDoS attacks is not something we should be doing. If you had asked us for such a test, we would have given you a negative answer. Ironically, we had been unwittingly simulating volumetric DDoS attacks while quietly ignoring our own results. But, it’s time to stop neglecting bandwidth saturation and start giving it the attention that it deserves.…
Massive DDoS attacks on VoIP Providers and simulated DDoS testing
Published on Sep 24, 2021 in denial of service, voip security
VoIP.ms and other VoIP providers under DDoS attack: At the time of writing, a major VoIP provider called VoIP.ms has been under a distributed denial of service (DDoS) attack for over a week. As a result, they are unable to serve their customers, with everyone and their dog complaining that they cannot connect to VoIP.ms’s SIP servers as well as other resources. At the same time, someone claiming to be part of the REvil ransomware group is blackmailing the provider.…
Abusing SIP for Cross-Site Scripting? Most definitely!
Published on Jun 10, 2021 in sip security, voip security, application security
Executive summary (TL;DR): SIP can be used as an attack vector for AppSec vulnerabilities such as cross-site scripting (XSS), potentially leading to unauthenticated remote compromise of critical systems. VoIPmonitor GUI had one such vulnerability which highlights this attack vector exceptionally well. The following writeup explores how persistent backdoor administrative access can be obtained by sending malicious SIP messages. This vulnerability was reported by Enable Security and fixed in VoIPmonitor GUI back in February 2021, using standard cross-site scripting protection mechanisms.…
SIPVicious OSS v0.3.4 released with exit codes and automation features
Published on Jun 2, 2021 in sipvicious oss, security tools, sip security, sipvicious releases
We just made SIPVicious OSS v0.3.4 available, so go get it! Or install it via pip: pip install sipvicious --upgrade. What’s new? Two main things: exit codes, just like SIPVicious PRO’s, and integration with Github Actions. This release makes it much easier to use SIPVicious OSS within your CI/CD pipelines and other automation systems. One should, of course, read the documentation on automation for more information. But here’s an example script to get the idea of what can be done:…
DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO
Published on May 25, 2021 in sip security, sipvicious pro, sip security testing, fuzzing, denial of service, training, devops
We pushed out a video that introduces the basics of SIPVicious PRO by demonstrating some of the attack tools and showing the building blocks for automating security testing of VoIP and WebRTC applications and infrastructure. What follows is a transcript of the video. Introduction: Hello, I’m Sandro Gauci from Enable Security. In this video, I’d like to show you what we have been working on, SIPVicious PRO! Let’s start by introducing the tools.…