tags: messenger, signal, learning_resource, android, iOS, webrtc
original link: You Can’t Spell WebRTC without RCE: Part 1
newsletter link: exploits.club Weekly Newsletter 31


Exploits Club Summary:

Ah, the zero-click IM RCE - everyone’s dream. This week, Margin Research took to their blog to start an exciting new series revolving around security research on Signal. The first entry takes a look at WebRTC. It starts with a deep dive into the underlying protocols before discussing how to set up a research environment. This involves using an iOS target phone and an Android thrower. Finally, the iOS app is injected with vulnerabilities previously discovered by Natalie Silvanovich to demonstrate how they can be triggered from the thrower. A great primer for anyone looking to start attacking IMs, and we look forward to future entries in the series!