RTC security
Newsletter
Curated VoIP and WebRTC security news, research and updates by Enable Security.
SubscribeNovember 2023: Advisories for VoIP systems and devices, WebRTC privacy and spying on your calls
Published on Nov 30, 2023
Welcome to the November edition of your favorite IP Communications Security Newsletter! In this edition, we cover: Asterisk fixing a PPE in their Github Cyber-criminals listening on telecommunications systems to learn how they were caught ARM’s MTE is going to protect your smartphones - Google Project Zero’s blog post about it Privacy and security of video conferencing on WebRTC LIVE And much more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »October 2023: security theatre and PBX hacking, plus last month’s advisories
Published on Oct 26, 2023
It’s the moment you’ve eagerly anticipated, that special time of the month. Yes, end of the month means salary time for many, and Halloween - but also - your favorite newsletter is out and about! In this edition, we cover: A presentation by good pseudonym at DEF CON about PBX and UC hacking The drama that ensued with regards to FreePBX vulnerabilities How our customers are enjoying access to the Attack Platform Security fixes in WebRTC and Skype for business Short news including MiTM attacks on XMPP, monthly vulnerability fixes and much more!…
Read more »September 2023: Security advisories, SIP & DTLS-SRTP interoperability and 5G infra attacks
Published on Sep 29, 2023
Welcome to the September edition of the VoIP and WebRTC security newsletter, RTCSec news! In this edition, we cover: our news, including the WebRTC & Video Delivery presentation we gave at CommCon, OpenSIPIt and our Attack Platform security fixes in FreeSWITCH, OpenScape, Stormshield and DLINK phones GPRS Tunneling Protocol user-plane (GTP-U) abuse, Signal upgraded for quantum computing and SBOMs RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »August 2023: Join OpenSIPit, learn about Zoom, Skype vulnerabilities, and more
Published on Aug 31, 2023
Hope you had some lovely holidays in August! And if not, what are you waiting for? This month we’re keeping the short news section and inviting people to participate in the upcoming edition of OpenSIPit! In this edition, we cover: our latest news and how to keep us in business Android security - 2G and VoLTE Zoom and AudioCodes vulnerabilities revealed at Blackhat Skype IP leak and how this is more common in RTC than assumed Memory corruption in Qualcomm chipsets handling VoLTE EVS audio (CVE-2022-40510) RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »July 2023: VoIP and WebRTC attack surface, pentesting for 2023 and VoIP DDoS attacks
Published on Jul 28, 2023
Welcome to the July edition of the RTC security newsletter! For this month, we brought back the short news section making this edition a bit shorter than usual. Do you prefer the longer form or is this more to your liking? In this edition, we cover: Our own recent presentation about the VoIP and WebRTC application attack surface Booking us for your pentest this year and our involvement with the upcoming OpenSIPIt DDoS threat report and VoIP SentryPeer news, STIR/SHAKEN problems and malware using RTC!…
Read more »June 2023: Talks on VoIP security, WebRTC server-side attacks and WISH/WHIP
Published on Jun 30, 2023
It is finally conference season and so this newsletter covers 3 different events focused on RTC and opensource communications as well as the latest and greatest security fixes related to VoIP and WebRTC. In this edition, we cover: Kamailio World, CommCon and OpenSIPS summit presentations of interest Our own work especially on WebRTC and WISH (WHIP) security More open SIP relay attacks in the wild DDoS, botnets and VoIP RTC vulnerabilities and fixes in MacOS, iOS, WebRTC and more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »May 2023: RTC conferences, advisories for Cisco, Mitel, sofia-sip
Published on May 31, 2023
Welcome to the May edition of the monthly VoIP and WebRTC security newsletter! In this edition, we cover: Kamailio World in Berlin and CommCon in the UK Open Source Telecom Software Survey 2023 Asterisk PBX and ASAN compilation SIP-based vulnerabilities in Shannon Baseband vulnerabilities many more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…
Read more »April 2023: 3CX incident updates, WebRTC security and H264
Published on Apr 28, 2023
April brings with it conference announcements, updates to the 3CX incident and a very interesting paper about the most popular video codec. In this edition, we cover: New fuzzing of RTP codecs with SIPVicious PRO Details about our WebRTC security presentation for CommCon News about the 3CX compromise and much much more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.…
Read more »March 2023: Trojan 3CX Client, CRA talk, OpenSIPS audit report and much more
Published on Mar 31, 2023
Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. A lot has accumulated in March on the VoIP and IP Communication security front. In fact, this one is packed! In this edition, we cover: Our news, involving CI/CD automation of VoIP security testing with SIPVicious PRO More news from us, including the OpenSIPS security audit report and a chat about the Cyber Resilience Act 3CX Phone Client turned into a trojan Critical vulnerabilities affecting Samsung and Pixel phones via VoLTE and 5G Silent fix in Kamailio gets a CVE, vulnerable door phones and various other security reports RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.…
Read more »WebRTC attacks, FOSDEM'23 and security fixes
Published on Feb 28, 2023
Welcome to the February 2023 edition of RTCSec newsletter. If you are reading this on your email client, you might notice slight formatting changes - the red color of the Communication Breakdown blog and the mascot on the side. Hope that this makes it more distinguishable. Do let me know if you have feedback, by replying to this email. In this edition, we cover: A chat with Arin Sime of WebRTC.…
Read more »