[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Linphone-developers] Linphone ZRTP insecure
From: |
Juraj Šarinay |
Subject: |
[Linphone-developers] Linphone ZRTP insecure |
Date: |
Thu, 09 Mar 2023 15:52:52 +0100 |
Hello
The way Linphone implements parts of SIP makes ZRTP rather useless. I
first reported the vulnerability back in 2018 and also when revisiting
the issue four years later.
After Alice and Bob set up ZRTP and call each other, a malicious server
in between can downgrade a running ZRTP call to plain RTP and listen
in.
If ZRTP is configured as mandatory on both endpoints, instead of
downgrading to plain RTP, the attacker starts fresh separate ZRTP
sessions with the participants to replace the original direct ZRTP
session.
I shall spare you the details and provide a demonstration of the
attacks (on the latest versions of Linphone) on video.
https://sarinay.com/files/amo1ddjcbg/linphone_zrtp_downgrade.mp4
https://sarinay.com/files/pcyjigfvfw/linphone_zrtp_mitm.mp4
The security of ZRTP within Linphone boils down to the question of how
likely Alice or Bob are to notice the attack in the middle of a call.
Belledone have been rolling their own crypto for years. Perhaps other
people's crypto might be worth getting right too.
Best,
Juraj
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Linphone-developers] Linphone ZRTP insecure,
Juraj Šarinay <=