WebRTC: Your Privacy is at Risk

Andreas Reiter, Alexander Marsalek

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.
Original languageEnglish
Title of host publicationProceedings of the Symposium on Applied Computing
PublisherAssociation of Computing Machinery
Pages664-669
Publication statusPublished - 2017

Fingerprint Dive into the research topics of 'WebRTC: Your Privacy is at Risk'. Together they form a unique fingerprint.

Cite this