Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Vulnerability in IP Relay Service Impacts Major Canadian ISPs

A recently addressed local file disclosure vulnerability in the SOLEO IP Relay service impacted nearly all major Internet service providers (ISPs) in Canada, a security researcher has discovered.

A recently addressed local file disclosure vulnerability in the SOLEO IP Relay service impacted nearly all major Internet service providers (ISPs) in Canada, a security researcher has discovered.

Also known as telecommunications relay services (TRSs), the IP relays developed by Soleo Communications are available through all major ISPs in Canada.

The cloud-based IP Relay service was launched over half a decade ago to allow hearing-impaired individuals and those with speech disorders to place calls through a TTY (text terminal) or other assistive telephone device.

Because of improper input sanitization, these services exposed sensitive user information, Project Insecurity researcher Dominik Penner discovered.

In a report (PDF) published late last week, the security researcher explains that the security flaw could be abused to determine the layout of the IPRelayApp directory and find the location of the source files on the IP Relay server. All of the discovered files could then be downloaded by an attacker, the researcher says.

The files were found to be classes compiled in Java bytecode, but “a determined attacker would easily be able to convert this directly back to source, compromising source code and other sensitive files,” Penner points out.

The source code also includes passwords the servlet uses to communicate with other services and an attacker able to extract these passwords could then either escalate their privileges on the server or abuse the extracted information in social engineering attacks.

“The end result could be escalated to yield remote code execution, though we were not comfortable attempting to do this before getting in contact with the vendor,” the researcher notes.

Working in collaboration with security researcher Manny Mand, Penner discovered that at least ten Canadian ISPs were running the vulnerable instance of Soleo’s IP Relay. Six of these, Penner says, are the largest telecom providers in Canada.

“[W]e have confirmed that a determined attacker (APT/foreign entity) could leverage this vulnerability to steal passwords from configuration files across multiple providers, compromise said providers using the stolen passwords, and then potentially​  launch a large scale identity theft operation against Canadians,” the researcher says.

An attacker exploiting the vulnerability could compromise over 30 million Canadian records, he said.

The bug was reported to the vendor on July 19 and was confirmed as patched on August 10.

Related: Amazon S3 Bucket Exposed GoDaddy Server Information

Related: Thousands of Organizations Expose Sensitive Data via Google Groups

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).