Connect with us

Hi, what are you looking for?


Network Security

Vulnerability in IP Relay Service Impacts Major Canadian ISPs

A recently addressed local file disclosure vulnerability in the SOLEO IP Relay service impacted nearly all major Internet service providers (ISPs) in Canada, a security researcher has discovered.

A recently addressed local file disclosure vulnerability in the SOLEO IP Relay service impacted nearly all major Internet service providers (ISPs) in Canada, a security researcher has discovered.

Also known as telecommunications relay services (TRSs), the IP relays developed by Soleo Communications are available through all major ISPs in Canada.

The cloud-based IP Relay service was launched over half a decade ago to allow hearing-impaired individuals and those with speech disorders to place calls through a TTY (text terminal) or other assistive telephone device.

Because of improper input sanitization, these services exposed sensitive user information, Project Insecurity researcher Dominik Penner discovered.

In a report (PDF) published late last week, the security researcher explains that the security flaw could be abused to determine the layout of the IPRelayApp directory and find the location of the source files on the IP Relay server. All of the discovered files could then be downloaded by an attacker, the researcher says.

The files were found to be classes compiled in Java bytecode, but “a determined attacker would easily be able to convert this directly back to source, compromising source code and other sensitive files,” Penner points out.

The source code also includes passwords the servlet uses to communicate with other services and an attacker able to extract these passwords could then either escalate their privileges on the server or abuse the extracted information in social engineering attacks.

“The end result could be escalated to yield remote code execution, though we were not comfortable attempting to do this before getting in contact with the vendor,” the researcher notes.

Advertisement. Scroll to continue reading.

Working in collaboration with security researcher Manny Mand, Penner discovered that at least ten Canadian ISPs were running the vulnerable instance of Soleo’s IP Relay. Six of these, Penner says, are the largest telecom providers in Canada.

“[W]e have confirmed that a determined attacker (APT/foreign entity) could leverage this vulnerability to steal passwords from configuration files across multiple providers, compromise said providers using the stolen passwords, and then potentially​  launch a large scale identity theft operation against Canadians,” the researcher says.

An attacker exploiting the vulnerability could compromise over 30 million Canadian records, he said.

The bug was reported to the vendor on July 19 and was confirmed as patched on August 10.

Related: Amazon S3 Bucket Exposed GoDaddy Server Information

Related: Thousands of Organizations Expose Sensitive Data via Google Groups

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...