Skip to main content

Tags Webrtc Security

RTC Security chat at Kamailio World Online with Daniel and Olle

Published on Oct 5, 2020 in , , , ,

It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net.

If you don’t have time to watch the entire conversation, the following is my summary of this discussion:

Read more about RTC Security chat at Kamailio World Online with Daniel and Olle

Kamailio World Online SIP and VoIP Security Panel

Published on Aug 27, 2020 in , , , ,

On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World youtube channel!

My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:

Read more about Kamailio World Online SIP and VoIP Security Panel

Bug bounty bout report 0x01 - WebRTC edition

Published on Jun 16, 2020 in , ,

Read the full report here.

In April 2020, in between SIPVicious PRO development and VoIP Pentesting and WebRTC, we dedicated some days to bug bounties and vulnerability disclosure programs to see what comes out of it. Our focus was on those that have WebRTC infrastructure in scope. In the end, we reported 3 vulnerabilities to 4 different vendors, for 6 different products. So finally, after making sure that the affected vendors have addressed these security issues and have agreed with publication, we are putting out a compiled report!

Read more about Bug bounty bout report 0x01 - WebRTC edition

Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it

Published on Apr 20, 2020 in , , , ,

Executive summary (TL;DR)

Jitsi Meet on Docker contained default passwords for important users, which could be abused to run administrative XMPP commands, including shutting down the server, changing the administrative password and loading Prosody modules. We also provide instructions on how to check for this issue if you administer a Jitsi Meet server.

Background story

A few days ago we noticed a tweet by @joernchen mentioning something that sounded familiar, Jitsi. He recommended that people using the docker image for Jitsi meet set secure passwords.

Read more about Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it

How we abused Slack’s TURN servers to gain access to internal services

Published on Apr 6, 2020 in , , ,

Executive summary (TL;DR)

Slack’s TURN server allowed relaying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS. And we were awarded $3,500 for our bug-bounty report on HackerOne.

A very brief introduction to the TURN protocol

The Wikipedia page for this protocol is somewhat handy because it explains that:

Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications. It may be used with the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It is most useful for clients on networks masqueraded by symmetric NAT devices. TURN does not aid in running servers on well known ports in the private network through a NAT; it supports the connection of a user behind a NAT to only a single peer, as in telephony, for example.

Read more about How we abused Slack's TURN servers to gain access to internal services

Subscribe

Receive high-quality, low-volume RTC security research, news and occasional updates about what we're up to.

Interested in our services? Let's collaborate.
Get in touch

We hate spam and are committed to protecting and respecting your privacy. You can unsubscribe from our communications at any time. By subscribing, you are agreeing to the Privacy Policy.