Detection of JavaScript Injection Eavesdropping on WebRTC communications
Osman, Ahmed and Abozariba, Raouf and Asyhari, A. Taufiq and Aneiba, Adel and Ben Farah, Mohamed (2022) Detection of JavaScript Injection Eavesdropping on WebRTC communications. In: World of Wireless Mobile and Multimedia, 14th - 17th June 2022, Belfast, UK.
|
Text
Smart_Computing_for_Smart_Cities.pdf - Accepted Version Download (854kB) |
Abstract
WebRTC is a Google-developed project that allows users to communicate directly. It is an open-source tool supported by all major browsers. Since it does not require additional installation steps and provides ultra-low latency streaming, smart city and social network applications such as WhatsApp, Facebook Messenger, and Snapchat use it as the underlying technology on the client-side both on desktop browsers and mobile apps. While the open-source tool is deemed to be secure and despite years of research and security testing, there are still vulnerabilities in the real-time communication application programming interface (API). We show in this paper how eavesdropping can be enabled by exploiting weaknesses and loopholes found in official WebRTC specifications. We demonstrate through real-world implementation how an eavesdropper can intercept WebRTC video calls by installing a malicious code onto the WebRTC webserver. Furthermore, we identify and discuss several, easy to perform, ways to detect wiretapping. Our evaluation shows that several indicators within webrtc-internals API traces can be used to detect anomalous activities, without the need for network monitoring tools.
Item Type: | Conference or Workshop Item (Paper) | ||||||
---|---|---|---|---|---|---|---|
Identification Number: | https://doi.org/10.1109/WoWMoM54355.2022.00084 | ||||||
Dates: |
|
||||||
Uncontrolled Keywords: | Wireless communication, Social networking (online), Machine learning, Malware, Browsers, Security, Monitoring | ||||||
Subjects: | CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science CAH11 - computing > CAH11-01 - computing > CAH11-01-03 - information systems |
||||||
Divisions: | Faculty of Computing, Engineering and the Built Environment > College of Built Environment Faculty of Computing, Engineering and the Built Environment > College of Engineering |
||||||
Depositing User: | Raouf Abozariba | ||||||
Date Deposited: | 02 Nov 2023 14:47 | ||||||
Last Modified: | 20 Jun 2024 11:50 | ||||||
URI: | https://www.open-access.bcu.ac.uk/id/eprint/14154 |
Actions (login required)
View Item |