fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Recent Google Voice Outage Caused By Expired Certificates

Recent Google Voice Outage Caused By Expired Certificates

In an incident report published on Friday, Google said that a Google Voice outage affecting a majority of the telephone service’s users earlier this month was caused by expired TLS certificates.

This worldwide outage prevented most Google Voice users from logging into their accounts and using the service for more than four hours between February 15th and February 16th, 2021.

“Google Voice users experienced an issue in which some new inbound or outbound Voice over Internet Protocol (VoIP) calls failed to connect, for a total duration of 4hours 22 minutes,” the incident report reads.

“Peak impact occurred at approximately 03:00, at which time mitigation efforts began to reduce failure rates.”

Also Read: How To Comply With PDPA: A Checklist For Businesses

During regular operation, voice calls made through Google Voice are controlled using the Session Initiation Protocol (SIP), with client devices immediately retrying their connection to the service once it breaks.

Transport Layer Security (TLS) certificates used to encrypt all Google Voice traffic are also rotated regularly to keep the connections and traffic secure.

Google Voice outage root cause and impact

“Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue,” Google explained.

“During the impact period, any clients attempting to establish or reestablish an SIP connection were unable to do so.”

After the expired certificates triggered the outage, users could not access the Google Voice service to make or receive VoIP calls.

However, client devices that already had an active SIP connection before the incident were unaffected during the outage (as long as the connection was not interrupted).

“After investigating, the engineering team determined that certificate configuration was the root cause,” Google added. The team generated updated certificates and configuration information and began an emergency rollout of this data to frontend systems.”

After rolling out the mitigation, affected Google Voice SIP clients restored functionality after retrying their connection to the service.

Measures to prevent future outages

The Google engineering team is taking several actions designed to prevent a similar issue from occurring again and decrease the impact of future outages.

As the Google Workspace Team that published the incident report said, the engineers are taking the following measures:

  • Configure additional proactive alerting for upcoming certificate expiration events.
  • Configure additional reactive alerting for TLS errors in Google Voice frontend systems.
  • Improve automated tooling for certificate rotation and configuration updates.
  • Utilize more flexible infrastructure for rapid deployment of configuration changes.
  • Update resource allocation systems to more efficiently provision emergency resources during incidents.
  • Develop training and practice scenarios for emergency rollouts of Google Voice frontend systems and configurations.

In December 2020, Google suffered a global authentication system outage that affected most of its consumer-facing services, including Gmail, YouTube, Google Drive, Google Maps, and Google Calendar.

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

As Google explained later that month, that incident was caused by a bug in the automated quota management system, which blocked users from logging into their accounts and authenticating to Google Cloud services.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us