- Does your video call have End-to-End Encryption? Probably not..
- Improving Scale and Media Quality with Cascading SFUs (Boris Grozev)
- How Zoom’s web client avoids using WebRTC (DataChannel Update)
- Guide to WebRTC with Safari in the Wild (Chad Phillips)
- Breaking Point: WebRTC SFU Load Testing (Alex Gouaillard)
- An Intro to WebRTC’s NAT/Firewall Problem
- Computer Vision on the Web with WebRTC and TensorFlow
webrtcH4cKS: ~ The WhatsApp RTCP exploit – what might have happened?
As you may have heard, Whatsapp discovered a security issue in their client which was actively exploited in the wild. The exploit did not require the target to pick up the call which is really scary.
Since there are not many facts to go on, lets do some tea reading…
The security advisory issued by Facebook says
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
This is not much detail, investigations are probably still ongoing. I would very much like to hear a post-mortem how WhatsApp detected the abuse.