Skip to main content

RTC security
Newsletter

Curated VoIP and WebRTC security news, research and updates by Enable Security.

Subscribe
a phone receiver being crushed by a hand

September 2024: OWASP in San Francisco, WebRTC, Telco security and much more

Published on Sep 30, 2024

Writing this one from San Francisco, instead of our usual head quarters in Bavaria, Germany - right after the OWASP and ThreatModCon conferences. In this edition, we cover: Our news about the conferences, talks and OWASP getting into WebRTC security Telco security: VoLTE vulnerabilities as well as SS7 hacking Vulnerabilities in Asterisk, Cisco, Mitel and much more The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »

August 2024: WebRTC security at OWASP Global AppSec, WebRTC RCE technical posts and new talks

Published on Aug 16, 2024

We’re sending this out a bit earlier than usual as some of us will be taking some time off soon. See you next month! In this edition, we cover: Our latest presentation for OWASP 2024 Global AppSec. An intriguing blog series by Margin Research on synthetic vulnerabilities in Signal-iOS’s WebRTC. Updates on new Cisco phone vulnerabilities that won’t be fixed, and a recently addressed Asterisk AMI vulnerability. A brief overview of notable presentations from Blackhat, DEF CON, and BSidesLV that might interest the RTCSec newsletter audience.…

Read more »

July 2024: WebRTC flaws that suddenly appear out of nowhere, hardphone security and more!

Published on Jul 31, 2024

Welcome to the July edition of your favorite VoIP and WebRTC security newsletter. While many are slowing down this time of year, we are ramping up our efforts. In this edition, we cover: Much news from us, including a podcast, pentesting and OWASP ASVS WebRTC project vulnerabilities that were previously hidden Hardware phone security research and exploitation Low-latency VoIP Security Analytics and Anonymization challenges and Twilio troubles The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »

June 2024: WebRTC security specs that need fixing and vulnerable VoIP firmware and WebEx

Published on Jun 28, 2024

Welcome to the June 2024 edition of the RTCSec newsletter, covering VoIP and WebRTC security news and related topics. In this edition, we cover: Our latest publication on our blog about WebRTC vulnerabilities Cisco WebEx’s seemingly obvious vulnerabilities and their effect on military and political entities Security fixes in Chrome, affecting WebRTC Vulnerabilities in Mitel phones, sngrep, and… iTunes? And more! The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »

May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities

Published on May 31, 2024

It is already the end of May, and we have a packed newsletter this month! In this edition, we cover: Our upcoming presentation about the DTLS ClientHello DoS vulnerability Vulnerabilities fixed in Asterisk, ALU and Cisco phones and more RCS phishing attempts and a Pre-War Reality Check and VoIP resilience New features from Kwanlabs SIP Open Relay tester A talk about STIR/SHAKEN privacy concerns Short news covering fax, physical access control vulnerabilities and honeypots The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »

April 2024: Kamailio security, Mitel, sngrep and Grandstream vulnerabilities and more

Published on Apr 30, 2024

Welcome to the April edition of the VoIP and WebRTC security monthly newsletter. In this edition, we cover: Kamailio World 2024 review Our short and longer presentation on insecure Kamailio configuration patterns Changes to the newsletter Updates to T-Pot honeypot, sngrep security fixes, Mitel IP Phone vulnerabilities New security course on WebRTC by BlogGeek.me And some more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »

March 2024: Webex leak, WhatsApp and Apple WebRTC vulnerabilities

Published on Mar 28, 2024

Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. This one’s a short one. In this edition, we cover: German military phone call leak and Webex WhatsApp’s past VoIP stack vulnerabilities and preventing future exploits Security fixes in Apple’s WebRTC framework and baresip WebRTC podcast covers security with Tsahi Levent-Levi RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »

February 2024: manipulating audio using LLM, malware using CPaaS and WebRTC security

Published on Feb 29, 2024

Special day today, being a leap year! In other news, this month brought quite a bit of written content of interest to the VoIP and WebRTC security community, which we’re covering here: Generative AI on live audio conversations (sorry!) Vulnerabilities affecting Yealink, WebRTC and OpenScape Hardening WhatsApp’s VoIP library and new mobile malware using CPaaS WebRTC related security content courtesy of Staex, Mozilla and Fonoster FCC rules affecting VoIP providers and telcos RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »

January 2024: Critical WebRTC, CUCM and SIP ALG security fixes - fuzz it all and disable stuff

Published on Jan 31, 2024

Fresh new year, fresh VoIP and WebRTC security news! Welcome to this newsletter, write back if you find it useful. In this edition, we cover: TLS key logs, Kamailio and security tools Chromium’s WebRTC vulnerability CVE-2023-7024 The usual warning about SIP ALG Critical vulnerabilities fixed in Cisco’s Unified Communications products RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…

Read more »

December 2023: Round-up of this year’s VoIP and WebRTC security news, and DTLS hello race flaw

Published on Dec 22, 2023

It’s the end of the year and if you are still reading your emails, make sure to read this one! Wish you all restful holidays and a happy New Year! In this edition, we cover: our community contributions for 2023 and our new security advisories the best and the worst of 2023 Asterisk and 3CX vulnerabilities and a few more news items but not that much this time! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…

Read more »