WebRTC: Your Privacy is at Risk

Andreas Reiter; Alexander Marsalek

WebRTC: Your Privacy is at Risk

Andreas Reiter, Alexander Marsalek

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.

Original language	English
Title of host publication	Proceedings of the Symposium on Applied Computing
Publisher	Association of Computing Machinery
Pages	664-669
Publication status	Published - 2017

A-SIT - Secure Information Technology Center Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Project: Research area

Cite this

@inproceedings{11b641feb43a40dbb197ab63e0017a40,

title = "WebRTC: Your Privacy is at Risk",

abstract = "New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user{\textquoteright}s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user{\textquoteright}s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user{\textquoteright}s privacy is protected.",

author = "Andreas Reiter and Alexander Marsalek",

year = "2017",

language = "English",

pages = "664--669",

booktitle = "Proceedings of the Symposium on Applied Computing",

publisher = "Association of Computing Machinery",

address = "United States",

}

TY - GEN

T1 - WebRTC: Your Privacy is at Risk

AU - Reiter, Andreas

AU - Marsalek, Alexander

PY - 2017

Y1 - 2017

N2 - New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.

AB - New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.

M3 - Conference paper

SP - 664

EP - 669

BT - Proceedings of the Symposium on Applied Computing

PB - Association of Computing Machinery

ER -

WebRTC: Your Privacy is at Risk

Abstract

Fingerprint

Projects

A-SIT - Secure Information Technology Center Austria

Cite this