[Linphone-developers] Linphone ZRTP insecure

linphone-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Linphone-developers] Linphone ZRTP insecure

From:	Juraj Šarinay
Subject:	[Linphone-developers] Linphone ZRTP insecure
Date:	Thu, 09 Mar 2023 15:52:52 +0100

Hello

The way Linphone implements parts of SIP makes ZRTP rather useless. I
first reported the vulnerability back in 2018 and also when revisiting
the issue four years later.

After Alice and Bob set up ZRTP and call each other, a malicious server
in between can downgrade a running ZRTP call to plain RTP and listen
in.

If ZRTP is configured as mandatory on both endpoints, instead of
downgrading to plain RTP, the attacker starts fresh separate ZRTP
sessions with the participants to replace the original direct ZRTP
session.

I shall spare you the details and provide a demonstration of the
attacks (on the latest versions of Linphone) on video.

https://sarinay.com/files/amo1ddjcbg/linphone_zrtp_downgrade.mp4
https://sarinay.com/files/pcyjigfvfw/linphone_zrtp_mitm.mp4

The security of ZRTP within Linphone boils down to the question of how
likely Alice or Bob are to notice the attack in the middle of a call.

Belledone have been rolling their own crypto for years. Perhaps other
people's crypto might be worth getting right too.

Best,
Juraj

[Prev in Thread]

Current Thread

[Next in Thread]

[Linphone-developers] Linphone ZRTP insecure, Juraj Šarinay <=

Prev by Date: [Linphone-developers] Current call mute after external call
Next by Date: [Linphone-developers] Websocket over Sip with the Liblinphone Libary
Previous by thread: [Linphone-developers] Current call mute after external call
Next by thread: [Linphone-developers] Websocket over Sip with the Liblinphone Libary
Index(es):
- Date
- Thread