Vulnerabilities found in code library used by encrypted phone call apps

Posted 2013-07-03 at https://nccomputertech.com/techtalk/2013/07/03/vulnerabilities-found-in-code-library-used-by-encrypted-phone-call-apps/ (categories: Hardware, Security, Software, Technology; tags: apps, VoIP, ZRTPCPP)

ZRTPCPP, an open-source library that's used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.

ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for VoIP (voice over IP) communications, designed by PGP creator Phil Zimmermann.

The library is used by secure communications provider Silent Circle in its Silent Phone app, as well as by other programs that support encrypted phone calls, including CSipSimple, LinPhone, Twinkle, several client apps for the Ostel service and "anything using the GNU ccRTP with ZRTP enabled," said Azimuth Security co-founder Mark Dowd in a blog post on Thursday.

Following the recent reports about the National Security Agency's data collection programs, which appear to cover Internet audio conversations, end users have shown increased interest in encrypted communication services.

The vulnerabilities in ZRTPCPP were found while evaluating the security of some of the products that offer encrypted phone call capabilities, Dowd said.

One vulnerability is a buffer overflow in the ZRtp::storeMsgTemp() function, the researcher said. "If an attacker sends a packet larger than 1024 bytes that gets stored temporarily (which occurs many times—such as when sending a ZRTP Hello packet), a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host."

Another function, ZRtp::prepareCommit(), contains multiple stack overflows that occur when preparing a response to a client's ZRTP Hello packet. This vulnerability is unlikely to be exploitable for remote code execution because of technical constraints, but it can be used to crash the target application, Dowd said.

The third vulnerability is an information leak that can be used to obtain information useful for achieving reliable remote code execution in conjunction with the heap overflow bug mentioned above. "In addition, it could possibly be used to leak sensitive crypto-related data, although the extent of how useful this is has not been investigated," Dowd said.

In a later update to the blog post, Dowd said that patches for the vulnerabilities have been added to ZRTPCPP's code repository on GitHub and that Silent Circle has updated its own apps on Google Play and Apple's App Store with fixes.

This was only an initial analysis of a minor component of encrypted phone call apps, he said. "It would be beneficial for the security community to undertake further study of some of these products."

via Vulnerabilities found in code library used by encrypted phone call apps | PCWorld: http://www.pcworld.com/article/2043366/vulnerabilities-found-in-code-library-used-by-encrypted-phone-call-apps.html