Skip to main content

Tags voip security

Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution

Published on Mar 16, 2021 in , , , , , ,

Executive summary (TL;DR) We fuzzed VoIPmonitor by using SIPVicious PRO and got a crash in the software’s live sniffer feature when it is switched on. We identified the cause of the crash by looking at the source code, which was a classic buffer overflow. Then we realized that was fully exploitable since the binaries distributed do not have any memory corruption protection. So we wrote exploit code using ROP gadgets to get remote code execution by just sending a SIP packet.…

Read more about Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution

RTC Security chat at Kamailio World Online with Daniel and Olle

Published on Oct 5, 2020 in , , , ,

It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions After introductions from Daniel, I took lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…

Read more about RTC Security chat at Kamailio World Online with Daniel and Olle

Kamailio World Online SIP and VoIP Security Panel

Published on Aug 27, 2020 in , , , ,

On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World youtube channel! My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:…

Read more about Kamailio World Online SIP and VoIP Security Panel

Subscribe

Receive high-quality, low-volume RTC security research, news and occasional updates about what we're up to.

Interested in our services? Let's collaborate.
Get in touch

We hate spam and are committed to protecting and respecting your privacy. You can unsubscribe from our communications at any time. By subscribing, you are agreeing to the Privacy Policy.