How Secure are you with WebRTC?

Posted by Kate Clavet, Content Marketing Specialist on May 24, 2017

In my previous WebRTC post I provided an overview from a simplified, easy-to-understand perspective. Today, I thought it would be pertinent to discuss the hefty security features of WebRTC. It’s safe to say that, with data breaches, ransomware, and phishing schemes dominating the news, security and protection are front of mind. Because WebRTC is an open-source API, it’s important to highlight the features that make it an attractive but secure option.

Protection features when using WebRTC for video conferencing, webinars, or calls can be broken out into four main topics.

1. Browser Trust Model
The browser trust model assumes that the web browser used to connect to the Internet will reasonably protect the browser’s information. Why does this work? If a person is using a widely known web browser, like Google Chrome or Firefox, it is mostly guaranteed that this browser will allow the user to browse the internet safely. Web browsers are updated regularly, and security patches are easily applied in a timely manner, far more quickly than if the web browser were an application.

2. Same Origin Policy (SOP)
For the technology to work, SOP scripts are used. What does that mean? These scripts tell your computer to do something, perhaps make a call, access your video camera, or use your microphone. Due to SOP, these scripts run in isolated sandboxes, preventing scripts other than those intended from running maliciously or accidentally. For example, when you are logging in to your email account, an advertisement cannot just pop up and steal your login credentials for malicious use. This prevents communications data from being hijacked or interrupted.

3. Secure Protocols and Encryption 
WebRTC utilizes various protocols to protect your information, including Datagram Transport Layer Security (DTLS), Secure Real-time Transport Protocol (SRTP), and Advanced Encryption Standard (AES).

  • DTLS is a communications protocol for datagram-based applications that prevents eavesdropping or tampering.
  • SRTP encrypts and authenticates messages and provides replay protection for information transported in real time in unicast and multicast applications.
  • AES, also referred to as bank-grade encryption, is an encryption protocol that is used throughout the U.S. government and many international institutions to protect highly classified information. AES is used in software and hardware alike to encrypt and secure information.
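One way to check that a session actually negotiates the DTLS and SRTP protection listed above is to audit the session description (SDP) that WebRTC peers exchange during signaling. This is an added example, not code from the original post; `auditSdp` and `SAMPLE_SDP` are hypothetical names, and the sample SDP and its fingerprint are constructed placeholders.

```javascript
// Added example. SAMPLE_SDP is constructed; its fingerprint is a placeholder.
const SAMPLE_SDP = [
  'v=0',
  'o=- 1 2 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'a=fingerprint:sha-256 ' + Array(32).fill('AB').join(':'),
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'a=setup:actpass',
  'a=rtpmap:111 opus/48000/2',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'a=setup:actpass',
].join('\r\n');

const FINGERPRINT = /^a=fingerprint:\S+ [0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$/;
const DTLS_SRTP = /^(UDP\/TLS|TCP\/DTLS)\/RTP\/SAVPF?$/; // SRTP keyed via DTLS
const DTLS_SCTP = /^((UDP|TCP)\/)?DTLS\/SCTP$/;          // data channels over DTLS

// Returns a list of findings; an empty list means every section is DTLS-protected.
function auditSdp(sdp) {
  const lines = sdp.split(/\r?\n/).filter(Boolean);
  const sections = [{ mline: null, attrs: [] }]; // sections[0] is session level
  for (const line of lines) {
    if (line.startsWith('m=')) sections.push({ mline: line, attrs: [] });
    else sections[sections.length - 1].attrs.push(line);
  }
  const [session, ...media] = sections;
  // A certificate fingerprint may be declared once for the session or per section.
  const sessionFp = session.attrs.some((l) => FINGERPRINT.test(l));
  const findings = media.length ? [] : ['no media sections found'];
  media.forEach((m, i) => {
    const [kind, , proto] = m.mline.slice(2).split(' ');
    const tag = `m-line ${i} (${kind})`;
    const ok = kind === 'application' ? DTLS_SCTP.test(proto) : DTLS_SRTP.test(proto);
    if (!ok) findings.push(`${tag}: transport "${proto}" is not DTLS-protected`);
    if (!sessionFp && !m.attrs.some((l) => FINGERPRINT.test(l)))
      findings.push(`${tag}: no a=fingerprint, DTLS peer cannot be authenticated`);
    if (m.attrs.some((l) => l.startsWith('a=crypto:')))
      findings.push(`${tag}: a=crypto present, SRTP key carried in signaling (SDES)`);
  });
  return findings;
}

console.log(auditSdp(SAMPLE_SDP));
```

In a browser, the same function can be run over `RTCPeerConnection.localDescription.sdp` and `remoteDescription.sdp` once negotiation completes.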

4. Permission Required for Sharing 
Most WebRTC applications require express permission prior to allowing your browser access to your camera, microphone, or screen sharing. These actions cannot take place prior to the computer user explicitly giving permission. This prevents unauthorized access and hacking of your camera, microphone, or screen.

Aside from delivering imperative protection features, WebRTC is also an asset for real-time communication because it’s economical and easy to deploy. See how WebRTC can keep your remote team and clients closer today by signing up for a free trial of IPVideoTalk, Grandstream’s web meeting and conferencing service.
