Announcing Secure Trunks

Elastic SIP Trunks encrypted with SRTP & TLS

Today we are happy to announce the general availability of Secure Trunks. This launch makes further security available on all Elastic SIP Trunks, by enabling customers to use Secure Real-time Protocol (SRTP) to encrypt media and Transport Layer Security (TLS) to encrypt signaling. This encryption allows businesses with strict information security practices to reap the benefits of both SIP trunks and cloud communications. Secure Trunks With Secure Trunks,… Read More

How to Protect Your Android Phone From the Stagefright Bug


Earlier this morning, a vulnerability was disclosed for Android phones performing a remote code execution over MMS. Dubbed “Stagefright“, the vulnerability exploits SMS/MMS clients by sending a malformed media file to the user which is automatically downloaded by the default client. If you’re using Google Hangouts as your default SMS client, here’s how to protect your device from Stagefright by disabling automatic downloading of media files sent… Read More

Getting Started Placing Outbound Calls with Twilio Elastic SIP Trunking and FreeSWITCH


A couple of weeks ago we announced the public beta of Elastic SIP Trunking, a new way to connect your SIP gear to the world through Twilio. With Elastic SIP Trunks, you can say sayonara to artificial constraints to scaling and pricing shenanigans. We think this new way of consuming SIP connectivity offers longtime VoIP network administrators and engineers an instantly provisioned, powerfully resilient alternative to… Read More

Security Update for CVE-2014-6271 (Shellshock)

On Wednesday morning, September 24, 2014, the Twilio security team became aware of a code-injection vulnerability in bash dubbed CVE-2014-6271 and nicknamed “Shellshock.” While Twilio does not expose any of the services identified as vulnerable in this disclosure to the public Internet, our operations team responded immediately to upgrade affected bash versions across the Twilio infrastructure.  That effort was completed in the afternoon on Wednesday. Our… Read More

How To Build Your Own MMS Enabled Motion Activated Security Camera With Linux, Python and S3

Horseman Caught On MMS

Holy biscuits was last week a barrel of monkeys.  All of us at Twilio have had a beastly boatload of fun seeing the stuff you’ve started building with Twilio MMS.  Many of you blazed through Kevin’s Getting Started with MMS tutorial over the weekend to get started on your hacks and, of course, seeing all your mustached faces with the example project we built last week… Read More

Customer Security Notice on CVE-2014-0160 / Heartbleed Disclosure

The engineering team at Twilio has been working to assess the impact for our customers in the wake of April 7th’s disclosure of CVE-2014-0160, known colloquially as Heartbleed. We join nearly every service provider on the Internet responding to this critical vulnerability in OpenSSL’s handling of heartbeat packets and conducted a comprehensive security review in response.  Our obligation as a custodian of your communication compels a… Read More

Reporting Security Vulnerabilities

Ensuring the security and integrity of the Twilio platform is critical to the service we provide our customers. We are committed to providing a secure product and appreciate help from the community in responsibly identifying ways for us improve Twilio. Last week we added a new page to describing how to report security vulnerabilities. If you believe you’ve found a security vulnerability, please send an email to… Read More

How to Build Phone-based Two-Factor Authentication With Twilio

 Security is one of the most frustratingly vital and complex things we have to deal with in application development. On one side, we have make sure our information is protected against corruption and unauthorized access while at the same time, we need to make sure the right people have access to the right data at the right time. Failure in either direction will cause annoyance and… Read More

HTTP Authentication for Twilio – Access Password Protected URLs

If you’ve tried to host your TwiML files at a secure URL, you already know that in the past Twilio only supported GET and POST to publicly accessible URLs.  But no longer! New Feature: HTTP Auth with Twilio Now Twilio supports HTTP Basic and Digest Authentication.  This allows you to password protect your TwiML URLs on your web server, so that only you and Twilio can… Read More