Tags › webrtc security
TADSummit Innovators Podcast reviews the Last 6 Months of RTC Security Trends with Sandro Gauci
Published on Jul 26, 2024 in voip security, webrtc security
This week, I had the pleasure of joining Alan Quayle on the TADSummit Innovators Podcast to review the last six months of VoIP and WebRTC security news. We delved into some of the most intriguing trends emerging in the RTC security space. We covered the following RTC security trends for 2024 so far: Increasing focus on WebRTC vulnerabilities and security Growing concern over VoIP and conferencing platform security Emerging threats from AI and machine learning in audio manipulation Growing importance of resilience in communication systems SMS/Voice 2FA is hugely problematic Here are the top 10 insights that emerged from our discussion:…
Read more »A Novel DoS Vulnerability affecting WebRTC Media Servers
Published on Jun 25, 2024 in denial of service, freeswitch, webrtc security, asterisk
Executive summary (TL;DR) A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP, specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and DTLS traffic and can be exploited to disrupt media sessions, compromising the availability of real-time communication services. Mitigations include filtering packets based on ICE-validated IP and port combinations. The article also indicates safe testing methods and strategies for detecting the attack.…
Read more »Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
Published on Apr 8, 2022 in denial of service, demo server, freeswitch, asterisk, webrtc security, kamailio, sipvicious pro
Executive summary (TL;DR) Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE! How I got social engineered into looking at CVE-2022-0778 A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?” He explained how in the context of WebRTC it would be a bit difficult since you need to get signaling right, ICE (that dance with STUN and other funny things) and finally, you get to do your DTLS scans.…
Read more »Details about CVE-2020-26262, bypass of Coturn’s default access control protection
Published on Jan 11, 2021 in webrtc security, bug bounty, research, stunner
Video demonstration The following demonstration shows the security bypass of the default coturn configuration on IPv4: Note Turn on the captions by clicking on the CC button and watch on full screen for optimal viewing experience. Background: why does coturn have default access control rules in the first place? TURN servers are an important part of many WebRTC infrastructures because they make it possible to relay the media even for hosts behind restrictive NAT.…
Read more »RTC Security chat at Kamailio World Online with Daniel and Olle
Published on Oct 5, 2020 in conferences, kamailio, voip security, webrtc security, sip security testing
It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions After introductions from Daniel, I took lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…
Read more »Kamailio World Online SIP and VoIP Security Panel
Published on Aug 27, 2020 in sip security, conferences, webrtc security, voip security, kamailio
On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World youtube channel! My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:…
Read more »Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it
Published on Apr 20, 2020 in xmpp security, jitsi meet, research, webrtc security, default passwords
Executive summary (TL;DR) Jitsi Meet on Docker contained default passwords for important users, which could be abused to run administrative XMPP commands, including shutting down the server, changing the administrative password and loading Prosody modules. We also provide instructions on how to check for this issue if you administer a Jitsi Meet server. Background story A few days ago we noticed a tweet by @joernchen mentioning something that sounded familiar, Jitsi.…
Read more »How we abused Slack’s TURN servers to gain access to internal services
Published on Apr 6, 2020 in webrtc security, bug bounty, research, stunner
Executive summary (TL;DR) Slack’s TURN server allowed relaying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS. And we were awarded $3,500 for our bug-bounty report on HackerOne. A very brief introduction to the TURN protocol The Wikipedia page for this protocol is somewhat handy because it explains that: Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications.…
Read more »