{"id":2815,"date":"2013-07-03T10:00:06","date_gmt":"2013-07-03T14:00:06","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=2815"},"modified":"2013-07-03T10:00:06","modified_gmt":"2013-07-03T14:00:06","slug":"vulnerabilities-found-in-code-library-used-by-encrypted-phone-call-apps","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/03\/vulnerabilities-found-in-code-library-used-by-encrypted-phone-call-apps\/","title":{"rendered":"Vulnerabilities found in code library used by encrypted phone call apps"},"content":{"rendered":"<p>ZRTPCPP, an open-source library that\u2019s used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.<br \/>\nZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for VoIP (voice over IP) communications designed by PGP creator Phil Zimmermann.<br \/>\nThe library is used by secure communications provider Silent Circle in its Silent Phone app, as well as by other programs that support encrypted phone calls, including CSipSimple, LinPhone, Twinkle, several client apps for the Ostel service and \u201canything using the GNU ccRTP with ZRTP enabled,\u201d said Azimuth Security co-founder Mark Dowd in a blog post on Thursday.<br \/>\nFollowing the recent reports about the National Security Agency\u2019s data collection programs that appear to cover Internet audio conversations, there\u2019s been an increased interest into encrypted communication services from end users.<br \/>\nThe vulnerabilities in ZRTPCPP were found while evaluating the security of some of the products that offer encrypted phone call capabilities, Dowd said.<br \/>\nOne vulnerability consists of a buffer overflow in the ZRtp::storeMsgTemp() function, the researcher said. \u201cIf an attacker sends a packet larger than 1024 bytes that gets stored temporarily (which occurs many times\u2014such as when sending a ZRTP Hello packet), a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host.\u201d<br \/>\nAnother function, ZRtp::prepareCommit(), contains multiple stack overflows that occur when preparing a response to a client\u2019s ZRTP Hello packet. It is unlikely that this vulnerability is exploitable for remote code execution due to technical constraints, but it can be used to crash the target application, Dowd said.<br \/>\nThe third vulnerability is an information leakage one and can be used to obtain information that could be used to achieve reliable remote code execution in conjunction with the previously mentioned heap overflow bug. \u201cIn addition, it could possibly be used to leak sensitive crypto-related data, although the extent of how useful this is has not been investigated,\u201d Dowd said.<br \/>\nIn a later update to the blog post, Dowd said that patches for the vulnerabilities have been added to ZRTPCPP\u2019s code repository on Github and that Silent Circle has updated its own apps on Google Play and Apple\u2019s App Store with fixes.<br \/>\nThis was only an initial analysis of a minor component of encrypted phone call apps, he said. \u201cIt would be beneficial for the security community to undertake further study of some of these products.\u201d<br \/>\nvia <a href=\"http:\/\/www.pcworld.com\/article\/2043366\/vulnerabilities-found-in-code-library-used-by-encrypted-phone-call-apps.html\" target=\"_blank\">Vulnerabilities found in code library used by encrypted phone call apps | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ZRTPCPP, an open-source library that\u2019s used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[3,7,9,10],"tags":[90,1173,1276],"class_list":["post-2815","post","type-post","status-publish","format-standard","hentry","category-hardware","category-security","category-software","category-technology","tag-apps","tag-voip","tag-zrtpcpp"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-Jp","jetpack-related-posts":[{"id":5579,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/13\/linux-gets-fix-for-code-execution-flaw-that-was-undetected-since-2009-ars-technica\/","url_meta":{"origin":2815,"position":0},"title":"Linux gets fix for code-execution flaw that was undetected since 2009","author":"NCCT","date":"May 13, 2014","format":false,"excerpt":"Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/nccomputertech.com\/techtalk\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=525%2C300 1.5x"},"classes":[]},{"id":6833,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/11\/12\/ios-security-hole-allows-attackers-to-poison-already-installed-iphone-apps\/","url_meta":{"origin":2815,"position":1},"title":"iOS security hole allows attackers to poison already installed iPhone apps","author":"NCCT","date":"November 12, 2014","format":false,"excerpt":"Security researchers have warned of a security hole in Apple's iOS devices that could allow attackers to replace legitimate apps with booby-trapped ones, an exploit that could expose passwords, e-mails, or other sensitive user data. The \"Masque\" attack, as described by researchers from security firm FireEye, relies on enterprise provisioning\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":8742,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/09\/microsoft-may-block-sha1-certificates-sooner-than-expected\/","url_meta":{"origin":2815,"position":2},"title":"Microsoft may block SHA1 certificates sooner than expected","author":"NCCT","date":"November 9, 2015","format":false,"excerpt":"Encrypted sites running old certificates will be inaccessible from modern browsers. By Zack Whittaker for Zero Day While about one-in-four encrypted websites are still using weak security certificates, Microsoft is considering taking matters into its own hands. With the possibility of an attack becoming ever more possible, the software giant\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6128,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/05\/mozilla-warns-of-leaky-developer-network-database\/","url_meta":{"origin":2815,"position":3},"title":"Mozilla warns of leaky developer network database","author":"NCCT","date":"August 5, 2014","format":false,"excerpt":"Mozilla\u2019s website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday. Email addresses for 76,000 Mozilla Development Network (MDN) users were exposed, along with around 4,000 encrypted passwords, wrote Stormy Peters, director of development relations,\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8714,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/05\/newly-discovered-adware-digs-its-claws-deep-into-android-is-nearly-impossible-to-remove\/","url_meta":{"origin":2815,"position":4},"title":"Newly discovered adware digs its claws deep into Android, is nearly impossible to remove","author":"NCCT","date":"November 5, 2015","format":false,"excerpt":"Security researchers found over 20,000 adware samples hiding in apps that masquerade as Facebook, Twitter, Snapchat, and other popular services. Derek Walter | @derekwalter | PCWorld Security researchers have uncovered a new style of Android malware that hides inside of apps that act and look like they\u2019re legitimate services. Lookout\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5625,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/29\/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns\/","url_meta":{"origin":2815,"position":5},"title":"\u201cTrueCrypt is not secure,\u201d official SourceForge page abruptly warns","author":"NCCT","date":"May 29, 2014","format":false,"excerpt":"One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use. \"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,\" text in red at the top\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=2815"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2815\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=2815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=2815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=2815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}