Skip to main content

VoIP and WebRTC
Security Articles and News

Articles and security news about vulnerabilities and attacks affecting VoIP and WebRTC by Enable Security.

Subscribe
a phone receiver being crushed by a hand

    SIPVicious PRO v6.0.0 alpha.5 available to our clients

    Published on Jun 3, 2020 in , ,

    With great pleasure, we announce the availability of the v6.0.0-alpha.5 version of SIPVicious PRO. This is a major update since most of the promised feature-set of the existent modules is now available. While you are encouraged to read the release notes, the main highlights are the following: Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples and training purposes An extensive getting started page is now available, with instructions on how to use most of the modules Exit codes!…

    Read more about SIPVicious PRO v6.0.0 alpha.5 available to our clients

    A gentle introduction to caller ID spoofing

    Published on May 7, 2020 in ,

    Introduction Phone and real-time communications systems in general make use of caller ID to indicate who is calling when a phone is ringing. Caller ID is that little number that shows up on your phone telling you that it is your boss calling. The number is often matched against your phone book to show an actual name. This feature is not only available on PSTN (public switched telephone network) but also in the VoIP systems that have been replacing it in the past dozen or so years.…

    Read more about A gentle introduction to caller ID spoofing

    Awesome RTC hacking list published on Github

    Published on Apr 29, 2020

    We have been collecting lists of resources related to RTC security, namely VoIP, WebRTC and VoLTE which we just made available on our Github. Please contribute and share! So far, the list contains awesome links for the following topics: Presentation Slides Videos Advisories Open-source tools Papers Blogs Notable blog posts and articles Books Commercial tools Vulnerabilities Related lists So, what are we missing? Get in touch on Twitter or submit a pull request.…

    Read more about Awesome RTC hacking list published on Github

    Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it

    Published on Apr 20, 2020 in , , , ,

    Executive summary (TL;DR) Jitsi Meet on Docker contained default passwords for important users, which could be abused to run administrative XMPP commands, including shutting down the server, changing the administrative password and loading Prosody modules. We also provide instructions on how to check for this issue if you administer a Jitsi Meet server. Background story A few days ago we noticed a tweet by @joernchen mentioning something that sounded familiar, Jitsi.…

    Read more about Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it

    How we abused Slack’s TURN servers to gain access to internal services

    Published on Apr 6, 2020 in , , ,

    Executive summary (TL;DR) Slack’s TURN server allowed relaying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS. And we were awarded $3,500 for our bug-bounty report on HackerOne. A very brief introduction to the TURN protocol The Wikipedia page for this protocol is somewhat handy because it explains that: Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications.…

    Read more about How we abused Slack's TURN servers to gain access to internal services

    What’s up with SIPVicious PRO?

    Published on Mar 30, 2020 in ,

    In the past 3 years we have been working on developing SIPVicious PRO during our work as penetration testers and in between engagements. Since our chief demolition officer, Alfred joined up with Enable Security, the development has had a much-needed push so that we started making it available to a limited number of companies that happen to be our clients. Today, we’re making version 6.0.0-alpha.4 available to our clients which includes Opus support, further support for SRTP and of course, a number of bug fixes.…

    Read more about What's up with SIPVicious PRO?

    SIPVicious OSS 0.3.0 released

    Published on Mar 10, 2020 in , ,

    It’s been a few years since we released a new version of SIPVicious. Truth is, we were working on SIPVicious PRO which we started making available to some of our clients. Many people still use the open-source version of SIPVicious and it is included in various pentest Linux distributions, and definitely is useful to a number of people (especially after they change the user-agent string). And so, with the impending Python2 apocalypse, we decided to make a new release, porting SIPVicious OSS to Python 3 and including various updates that happened since 2015 in the master branch.…

    Read more about SIPVicious OSS 0.3.0 released

    If SIPVicious gives you a ring…

    Published on Dec 10, 2012 in , , , ,

    Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on the social media and Google alerts for SIPVicious and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean twitter users (who have their service with KT, a VoIP service provider) complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on a Korean tech news site Boan News.…

    Read more about If SIPVicious gives you a ring...

    Using XSS to switch off dotDefender 4.0

    Published on Jun 1, 2010

    AppliCure’s dotDefender version 4.0 had a security flaw in the log viewing feature of the administrative interface. We just published an advisory for this vulnerability. Here’s the interesting part: “The log viewer facility in dotDefender does not properly htmlencode user supplied input. This leads to a cross site scripting vulnerability when the log viewer displays HTTP headers.” The following video shows how an attacker can make use of cross site scripting to get the system administrator to automatically switch off dotDefender.…

    Read more about Using XSS to switch off dotDefender 4.0

    Setting the secure flag in the cookie is easy

    Published on Aug 29, 2008

    TechRepublic had an interesting article about the Surf Jack attack. Many people commented, some giving their own solution to the problem. However many of these solutions do not prevent the attack because they do not really address it. Of course, who ever missed the details should check out the paper. The attack has been addressed quite a while ago, and the solution is easy to implement in many occasions. So no need to reinvent the wheel or create a new solution which has not been peer reviewed yet.…

    Read more about Setting the secure flag in the cookie is easy

    Subscribe

    Receive high-quality, low-volume RTC security research, news and occasional updates about what we're up to.

    Interested in our services? Let's collaborate.
    Get in touch

    We hate spam and are committed to protecting and respecting your privacy. You can unsubscribe from our communications at any time. By subscribing, you are agreeing to the Privacy Policy.