
RTC security
Newsletter

Curated VoIP and WebRTC security news, research and updates by Enable Security.


November 2024: Breaking VoIP & WebRTC – Exploits, Vulnerabilities, and Shodan Insights

Published on Nov 29, 2024

Welcome to the November issue of your favourite VoIP and WebRTC security newsletter! In this edition, we cover:

- Exploitation of Messenger from Meta and the internals of this application.
- Vulnerabilities in WebRTC, Poly Video Conferencing systems, Cisco phones, Qualcomm DSP video codecs.
- VoIP devices on the Internet, Shodan has you covered.

The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…


October 2024: WebRTC app vulnerabilities at DEF CON 32, SIP URI security, VoIP product fixes

Published on Oct 25, 2024

Welcome to this 3rd anniversary edition of the RTCSec newsletter! In this edition, we cover:

- our news, including 3 years of newsletter and a new white paper about a WebRTC implementation vulnerability
- coverage of DEF CON 32 talks that mention WebRTC, a fake FBI-run phone company and SIP URI parsing vulnerabilities
- various vulnerabilities fixed in Cisco ATA devices, Mitel, VICIDial, and more

The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…


September 2024: OWASP in San Francisco, WebRTC, Telco security and much more

Published on Sep 30, 2024

Writing this one from San Francisco, instead of our usual headquarters in Bavaria, Germany - right after the OWASP and ThreatModCon conferences. In this edition, we cover:

- Our news about the conferences, talks and OWASP getting into WebRTC security
- Telco security: VoLTE vulnerabilities as well as SS7 hacking
- Vulnerabilities in Asterisk, Cisco, Mitel and much more

The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…


August 2024: WebRTC security at OWASP Global AppSec, WebRTC RCE technical posts and new talks

Published on Aug 16, 2024

We’re sending this out a bit earlier than usual as some of us will be taking some time off soon. See you next month! In this edition, we cover:

- Our latest presentation for OWASP 2024 Global AppSec.
- An intriguing blog series by Margin Research on synthetic vulnerabilities in Signal-iOS’s WebRTC.
- Updates on new Cisco phone vulnerabilities that won’t be fixed, and a recently addressed Asterisk AMI vulnerability.
- A brief overview of notable presentations from Blackhat, DEF CON, and BSidesLV that might interest the RTCSec newsletter audience.…


July 2024: WebRTC flaws that suddenly appear out of nowhere, hardphone security and more!

Published on Jul 31, 2024

Welcome to the July edition of your favorite VoIP and WebRTC security newsletter. While many are slowing down this time of year, we are ramping up our efforts. In this edition, we cover:

- Much news from us, including a podcast, pentesting and OWASP ASVS
- WebRTC project vulnerabilities that were previously hidden
- Hardware phone security research and exploitation
- Low-latency VoIP Security Analytics and Anonymization challenges and Twilio troubles

The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…


June 2024: WebRTC security specs that need fixing and vulnerable VoIP firmware and WebEx

Published on Jun 28, 2024

Welcome to the June 2024 edition of the RTCSec newsletter, covering VoIP and WebRTC security news and related topics. In this edition, we cover:

- Our latest publication on our blog about WebRTC vulnerabilities
- Cisco WebEx’s seemingly obvious vulnerabilities and their effect on military and political entities
- Security fixes in Chrome, affecting WebRTC
- Vulnerabilities in Mitel phones, sngrep, and… iTunes?
- And more!

The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…


May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities

Published on May 31, 2024

It is already the end of May, and we have a packed newsletter this month! In this edition, we cover:

- Our upcoming presentation about the DTLS ClientHello DoS vulnerability
- Vulnerabilities fixed in Asterisk, ALU and Cisco phones and more
- RCS phishing attempts and a Pre-War Reality Check and VoIP resilience
- New features from Kwanlabs SIP Open Relay tester
- A talk about STIR/SHAKEN privacy concerns
- Short news covering fax, physical access control vulnerabilities and honeypots

The RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…


April 2024: Kamailio security, Mitel, sngrep and Grandstream vulnerabilities and more

Published on Apr 30, 2024

Welcome to the April edition of the VoIP and WebRTC security monthly newsletter. In this edition, we cover:

- Kamailio World 2024 review
- Our short and longer presentation on insecure Kamailio configuration patterns
- Changes to the newsletter
- Updates to T-Pot honeypot, sngrep security fixes, Mitel IP Phone vulnerabilities
- New security course on WebRTC by BlogGeek.me
- And some more!

RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…


March 2024: Webex leak, WhatsApp and Apple WebRTC vulnerabilities

Published on Mar 28, 2024

Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. This one’s a short one. In this edition, we cover:

- German military phone call leak and Webex
- WhatsApp’s past VoIP stack vulnerabilities and preventing future exploits
- Security fixes in Apple’s WebRTC framework and baresip
- WebRTC podcast covers security with Tsahi Levent-Levi

RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…


February 2024: manipulating audio using LLM, malware using CPaaS and WebRTC security

Published on Feb 29, 2024

Special day today, being a leap year! In other news, this month brought quite a bit of written content of interest to the VoIP and WebRTC security community, which we’re covering here:

- Generative AI on live audio conversations (sorry!)
- Vulnerabilities affecting Yealink, WebRTC and OpenScape
- Hardening WhatsApp’s VoIP library and new mobile malware using CPaaS
- WebRTC related security content courtesy of Staex, Mozilla and Fonoster
- FCC rules affecting VoIP providers and telcos

RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
