- Guide to WebRTC with Safari in the Wild (Chad Phillips)
- How Zoom’s web client avoids using WebRTC
- Computer Vision on the Web with WebRTC and TensorFlow
- AIY Vision Kit Part 1: TensorFlow Computer Vision on a Raspberry Pi Zero
- Breaking Point: WebRTC SFU Load Testing (Alex Gouaillard)
- How to Figure Out WebRTC Camera Resolutions
- An Intro to WebRTC’s NAT/Firewall Problem
webrtcH4cKS: ~ The WhatsApp RTCP exploit – what might have happened?
As you may have heard, Whatsapp discovered a security issue in their client which was actively exploited in the wild. The exploit did not require the target to pick up the call which is really scary.
Since there are not many facts to go on, lets do some tea reading…
The security advisory issued by Facebook says
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
This is not much detail, investigations are probably still ongoing. I would very much like to hear a post-mortem how WhatsApp detected the abuse.