WebRTC: Your Privacy is at Risk

Andreas Reiter, Alexander Marsalek

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.
Original languageEnglish
Title of host publicationProceedings of the Symposium on Applied Computing
PublisherAssociation of Computing Machinery
Pages664-669
Publication statusPublished - 2017

Fingerprint

Communication
Application programming interfaces (API)
Mobile devices
Specifications
Secure communication

Cite this

Reiter, A., & Marsalek, A. (2017). WebRTC: Your Privacy is at Risk. In Proceedings of the Symposium on Applied Computing (pp. 664-669). Association of Computing Machinery.

WebRTC: Your Privacy is at Risk. / Reiter, Andreas; Marsalek, Alexander.

Proceedings of the Symposium on Applied Computing. Association of Computing Machinery, 2017. p. 664-669.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Reiter, A & Marsalek, A 2017, WebRTC: Your Privacy is at Risk. in Proceedings of the Symposium on Applied Computing. Association of Computing Machinery, pp. 664-669.
Reiter A, Marsalek A. WebRTC: Your Privacy is at Risk. In Proceedings of the Symposium on Applied Computing. Association of Computing Machinery. 2017. p. 664-669
Reiter, Andreas ; Marsalek, Alexander. / WebRTC: Your Privacy is at Risk. Proceedings of the Symposium on Applied Computing. Association of Computing Machinery, 2017. pp. 664-669
@inproceedings{11b641feb43a40dbb197ab63e0017a40,
title = "WebRTC: Your Privacy is at Risk",
abstract = "New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.",
author = "Andreas Reiter and Alexander Marsalek",
year = "2017",
language = "English",
pages = "664--669",
booktitle = "Proceedings of the Symposium on Applied Computing",
publisher = "Association of Computing Machinery",
address = "United States",

}

TY - GEN

T1 - WebRTC: Your Privacy is at Risk

AU - Reiter, Andreas

AU - Marsalek, Alexander

PY - 2017

Y1 - 2017

N2 - New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.

AB - New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.

M3 - Conference contribution

SP - 664

EP - 669

BT - Proceedings of the Symposium on Applied Computing

PB - Association of Computing Machinery

ER -

Related content

Projects

A-SIT - Secure Information Technology Center Austria

Project: Research area