W3C SVG

Get help by hiring us


Mar 24, 2021

Our clients

  • Service providers, telecom carriers, mobile operators
  • Vendors of VoIP/IMS and WebRTC solutions
  • CPaaS (communications platform as a service)
  • Video conferencing platforms
  • Contact center platforms

What we do

  • Penetration Testing
  • Security analysis and consultancy
  • Denial of service simulation (DoS)
  • Fuzzing exercises and setup
  • Configuration security review
  • Secure code audit

Experience

Target Examples
Session Border Controllers (SBCs) Kamailio, OpenSIPS, Audiocodes, Sonus SBC
IP PBX servers Asterisk, FreeSWITCH, Avaya Aura, Cisco Unified Communications
Media servers RTPEngine and proprietary solutions
IM/Presence systems, XMPP servers Ejabberd, OpenFire and Prosody
Telecom solutions and Unified Communications systems Broadworks (Cisco)
Mobile softphones Cisco (Broadsoft) Communicator and custom solutions
Customer premises equipment (CPE DSL, cable modems, SIP gateways
Hardware phones and conference call equipment Proprietary solutions
WebRTC media gateways Janus, proprietary solutions
TURN server Coturn
SMPP servers OpenSMPP, Kannel, Cloudhopper

Protocols and Standard test cases

  • SIP (RFC 3261, 3264, 3265, 3665, 4568, 5621, 8760)
    • Call relaying / dialplan security bypass
    • INVITE flood (INVITE of death) / REGISTER flooding (Denial of Service (DoS) testing)
    • SIP extension enumeration
    • SIP digest leak attacks on vulnerable SIP endpoints and SIP proxies
    • SIP routing vulnerabilities
    • SIP header injection / smuggling tests
    • Caller-ID spoofing
    • SIP online cracking / password bruteforce
    • Injection tests, for SQL injection / other injection vectors introduced through SIP
    • Authentication bypass testing
  • RTP (RFC 3550, 3711, 5761)
    • RTP Flooding (Denial of Service (DoS) testing), especially targeting recording systems
    • Media encryption tests, especially related to SRTP, SDES and DTLS
    • RTP bleed and RTP injection attacks
    • Call interception, eavesdropping due to lack of media or signalling encryption
  • DTLS (RFC 6347, 5763, 5764)
    • DTLS denial of service
    • Certificate handling
    • Weak ciphers
    • Information disclosure vulnerabilities
  • XMPP (RFC 6120, 6121)
    • XMPP attacks for several XEPs (XMPP protocol extensions) and XMPP servers
  • SMPP (version 3.4)
    • Fuzzing
    • Reconnaissance
    • Caller-ID spoofing
    • Denial of Service tests
  • STUN (RFC 5389, 7350, 8489) and TURN (RFC 5766, 8656, 6062)
    • TURN proxy abuse testing
  • SIP TLS (RFC 3261, 5630)
    • SIP TLS configuration review to identify TLS related weaknesses
  • ICE (RFC 8445)
    • Private IP leak
  • Software specific tests
    • Asterisk/Kamailio/OpenSIPS security configuration review
    • Known and unknown vulnerabilities affecting target products / software packages
    • Dialplan injection attacks and other attacks specific to the platform’s dialplan handling
    • Provisioning security tests on TFTP, FTP, and HTTP protocols
  • Network infrastructure specific tests
    • In the case of local network infrastructure, VLAN hopping may be required
  • Web application security tests
    • OWASP Top 10 vulnerabilities
    • SQL injection, LDAP injection, blind cross-site scripting (XSS) and other types of injection