Awesome Real-time Communications Security

A curated list of Real-time Communications (RTC) security resources focused on VoIP, WebRTC and VoLTE penetration testing, security research and vulnerability assessment.

Latest Updates

• 2024-12: Updated broken links and references
• 2024-12: Add new blogs

Contributing

Your contributions are always welcome! Please read the contribution guidelines first:

• Check if the resource is still active/available
• Add a short description for tools and papers
• Include publication dates where applicable
• Keep descriptions concise and clear
• Sort entries alphabetically within sections
• Check your spelling and grammar
• Make sure your text editor is set to remove trailing whitespace

License

To the extent possible under law, the authors have waived all copyright and related rights to this work.

Table of Contents

• Newsletters
• Presentation Slides
• Videos
• Advisories
• Open-source tools
• Papers
• Blogs
• Notable blog posts and articles
• Books
• Commercial tools
• Vulnerabilities
• Related lists

Newsletters

• RTCSec Newsletter

Presentation Slides

• Hacking VoIP Exposed from Black Hat USA 2006.
• Mobile network hacking – All-over-IP edition from SRLabs at Blackhat EU 2019
• Monitoring SIP Traffic Using Support Vector Machines

Videos

• OpenSSL DoS (CVE-2022-0778) versus WebRTC infrastructure
• TAD Summit EMEA Americas 2020: Getting offensive: a different approach to RTC security - Sandro Gauci
• HITBHaxpo D1: VoLTE Phreaking - Ralph Moonen
• Kamailio World 2019: The Various Ways Your RTC May Be Crushed - Sandro Gauci
• Kamailio World 2018: A tale of two RTC fuzzing approaches - Sandro Gauci
• Kamailio World 2017: Listening By Speaking - Security Attacks On Media Servers And RTP Relays - Sandro Gauci
• Kamailio World 2016: 9 Years Of Friendly Scanning And Vicious SIP - Sandro Gauci
• Kamailio World 2015: VoIP Security – Bluebox ng Continuous Pentesting - Sergio García Ramos
• Kamailio World 2013: VoIP Security Tools - Anton Roman
• Blackhat EU 2019: Mobile network hacking - All-over-IP edition - Karsten Nohl, Luca Melette & Sina Yazdanmehr
• Jailbreak Brewing Company Security Summit: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568 - Maddie Stone
• RhurSec 2016: Eavesdropping on WebRTC Communication - Martin Johns
• Hak5 1813: SSL Hack Workarounds and WebRTC Flaws
• media.ccc.de: WebRTC Security - Stephan Thamm (language: german)

Advisories

• Cisco IOS and IOS XE SIP Protocol Denial of Service Vulnerability
• Cisco IOS XE Software NAT SIP Application Layer Gateway Denial of Service Vulnerability
• Cisco TelePresence Video Communication Server SIP DoS Vulnerability
• Voice over LTE implementations contain multiple vulnerabilities
• Asterisk RTP Bleed
• Asterisk pjSIP CSeq Overflow
• Juniper Junos Router OS DoS
• Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA
• Interaction SIP Proxy Buffer Overflow in SIPParser() Leads to DoS
• Asterisk pjSIP Multi Parser Out-of-Bound Memory Access
• Asterisk Skinny Memory Exhaustion
• Asterisk Stack Corruption in subscribe Message
• Asterisk Segfault with Invalid SDP fmtp Attribute
• Asterisk Segfault with Invalid Media Format Descriptiom
• Asterisk Segfault with INVITE Replay Attack
• Kamalio Off-By-One Heap Overflow
• New RCS technology exposes most mobile users to hacking
• Zoom Communications user enumeration

Open-source tools

• SIPVicious OSS - A set of tools to audit SIP based systems
• SIPPTS - Another set of tools to audit VoIP servers and devices using SIP protocol.
• bluebox-ng - Pentesting framework using Node.js powers, focused in VoIP. (public archive)
• SigPloit - Tool which covers all used SS7, GTP (3G), Diameter (4G) or even SIP protocols for IMS and VoLTE infrastructures.
• vsaudit - VoIP security assessment framework.
• rtpnatscan - Tool which tests for rtpbleed vulnerability.
• VIPROY - VoIP pentest framework which can be used with the metasploit-framework.
• SIP Proxy - A VoIP security testing tool.
• Metasploit auxiliary modules
• SIPp: SIP based test tool / traffic generator.
  • SIPp digest leak scenario
• Mr.SIP - SIP based audit and attack tool.
• VoIPShark - Open Source VoIP Analysis Platform
• Turner - PoC for tunnelling HTTP over a permissive/open TURN server.
• sipsak - SIP swiss army knife, has some features that can be used for security testing (e.g. flood more or random mode)
• turnproxy - Tool to abuse open TURN relays
• SeeYouCM Thief - download and parse configuration files from Cisco phone systems searching for SSH credentials
• stunner - a tool to test and exploit STUN, TURN and TURN over TCP servers.
• VoIP Hopper - a tool to exploit insecure VLANs that are often found in IP Telephony infrastructure.

Papers

• Abusing SIP Authentication
• Multiple Design Patterns for Voice over IP (VoIP) Security
• Realtime Steganography with RTP (local copy)
• A Lossless Steganography Technique for G.711 Telephony Speech
• CallRank: Combating SPIT Using Call Duration, SocialNetworks and Global Reputation
• Steganography of VoIP streams
• Steganalysis of compressed speech to detect covert VoIP channels
• Securing Voice over Internet Protocol
• Protecting SIP Proxy Servers from Ringing-based Denial-of-Service Attacks
• An ontology description for SIP security flaws
• Analysis of DDoS Attacks in Heterogeneous VoIP Networks: A Survey
• Network security systems to counter SIP-based denial-of-service attacks
• Multilayer Secured SIP Based VoIP Architecture
• Battling Against DDoS in SIP
• Billing Attacks on SIP-Based VoIP Systems
• Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems
• An Analysis of Security Threats and Tools in SIP-Based VoIP Systems
• Fast Detection of Denial-of-ServiceAttacks on IP Telephony
• VoIP Security: Threat Analysis & Countermeasures (local copy)
• Voice Over IP - Security and SPIT

Blogs

• Enable Security Blog - A blog about VoIP, WebRTC and real-time communications security by Enable Security
• Pepelux blog (Spanish)
• Kwancro - Thoughts, tips and tricks - Often covers SIP honeypot activity and related security topics
• Fred Posner's Blog - includes commentary on VoIP security topics

Notable blog posts and articles

• Understanding DTLS Usage in VoIP Communications
• How we abused Slack's TURN servers to gain access to internal services
• Analyzing WhatsApp Calls with Wireshark, radare2 and Frida
• Adventures in Video Conferencing Part 1: The Wild World of WebRTC
• Adventures in Video Conferencing Part 2: Fun with FaceTime
• Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp
• Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp
• Adventures in Video Conferencing Part 5: Where Do We Go from Here?
• Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
• Analyzing two FreeSWITCH vulnerabilities – CVE-2021-41157 & CVE-2021-37624
• Abusing Microsoft Teams Direct Routing
• Kamailio’s exec module considered harmful

Books

• Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition 2nd Edition (published December 20, 2013)
• Hacking VoIP: Protocols, Attacks, and Countermeasures (published March 21, 2008)
• SIP Security (published April 27, 2009)

Vulnerabilities

The following are generic or common vulnerabilities that are related to either signalling, media or infrastructure.

• RTP bleed
• SIP Digest Leak

CTFs and Learning Resources

• SIPVicious PRO demo server - Live environment for testing RTC attacks
• CSAW CTF Qualification Round 2020 / Tasks / WebRTC - CTF challenge featuring WebRTC (2020)

Related lists

• Awesome Cellular Hacking
• Awesome RTC
• Awesome Telco