Security

FIDO at LINE: FIDO2 server as an open-source project

Hello, this is Kyungjoon from the Security R&D team. I work as a FIDO (Fast Identity Online) engineer. Continuing from our last post FIDO at LINE: A First Step to a World Without Passwords, I would like to introduce you to FIDO2, and also share my experiences from participating in the interoperability testing event hosted by the FIDO Alliance earlier this year in March. Lastly I will talk about our very own LINE FIDO2 server, which will be made available as an open-source project.

Monitoring to prevent game cheating

It has been six years since we’ve began LINE GAME, and over those six years we’ve been through many experiences. Today, I’d like to share some lessons we’ve learned along the six-year journey of LINE GAME, specifically focusing on how we used monitoring to prevent game cheating. When I say “game cheat” in this blog […]

How AIR ARMOR checks iOS Code Signing

AIR ARMOR is a security solution of AIR; AIR is a component of the LINE GAME PLATFORM. You can refer to Seunghoon’s posting on AIR GO and APK Signing for information on the APK signature scheme. For this posting, I’ll explain about iOS code signing, one of Apple’s security mechanism. Code signing is to verify the integrity of the software code […]

LINE Security Bug Bounty Program Report 2018

Hello, this is Kazuhiro Kubota from the LINE Security Department. Last time we brought you the report for the first half of 2018. Today, I’d like to summarize the results of the LINE Security Bug Bounty program for 2018. Number of reports in 2018 In 2018, a total of 88 reports qualified for the program. This figure is almost twice as many […]

FIDO at LINE: A First Step to a World Without Passwords

Getting closer to a world without passwords Today we are happy to announce that LINE has achieved the world’s first FIDO Universal Server certification (as a service provider1) for our authentication server — LINE Authentication Server. With FIDO authentication, LINE users can sign in and authenticate both using biometrics (for example, face and fingerprint), as well as with […]

Buffer overflow in PJSIP, a VoIP open source library

Hi all, I am Youngsung Kim (Facebook, Twitter) of the Application Security team at LINE and am in charge of evaluating security of LINE services. On this post, I’d like to share a vulnerability (CVE-2017-16872, AST-2017-009) of PJSIP, a VoIP open source library. PJSIP is a multimedia communication library based on the following standard protocols; SIP, SDP, RTP, STUN, TURN, and ICE. The Asterisk framework, widely used on IP-PBX and VoPI gateway has an SIP stack implemented based on PJSIP.

The cause of the vulnerability was due to incautiousness about sign extension for Integers in the process of converting signed int to unsigned long when handling client’s SIP requests on 64-bit environment. There was no window to report the security issue to the PJSIP development teams, so I made my report to the Asterisk’s security page. Afterwards, I’ve consulted with George Joseph, an engineer at Asterisk, and the patch (PJSIP patch, Asterisk patch) has been applied on the pjproject v2.7.1. I’d like to express my gratitude to George for processing the patch.

LINE Security Bug Bounty Program Report 2017

Hello again, this is Myoungje Yi (MJ) from LINE’s security team. I’d like to share our annual report on running the LINE Security Bug Bounty Program in 2017.

Program scope expansion & donation option

The ‘LINE Security Bug Bounty Program’ aims to provide LINE users the most secure service by fixing potential vulnerabilities in advance, by getting reports from external security researchers. As we have already mentioned in our previous post, we have expanded the program scope in 2017, which resulted in an increased number of reports submitted. In November 2017, we have added an option allowing reporters to donate their reward.

LINE and Intertrust Security Summit 2017 Spring, Tokyo 1

Hello, this is Ichihara from the LINE security team. I am in charge of security consultation for LINE services, providing countermeasures for account hacking and abusing, researching authentication technology, and engaging in standardization activities.

Today, I would like to share with you an event titled, “LINE and Intertrust Security Summit 2017 Spring, Tokyo”, co-hosted by LINE and Intertrust on May 17. I will cover this event over two posts; this is the first part of the recap. Have a look at the second part from here

Here is a few basic information of the event.


LINE and Intertrust Security Summit 2017 Spring, Tokyo 2

Hello, this is Ichihara from the LINE security team. I am in charge of security consultation for LINE services, providing countermeasures for account hacking and abusing, researching authentication technology, and engaging in standardization activities.

Today, I would like to share with you an event titled, “LINE and Intertrust Security Summit 2017 Spring, Tokyo”, co-hosted by LINE and Intertrust on May 17. I will cover this event over two posts; this is the second part of the recap. Have a look at the first part from here

Here is a few basic information of the event.