Security in WebRTC: Safer Communications Built Into the Browser

Security features of WebRTC, Wildix magazine article

Transferring data to another device always comes with risks. When information moves, it leaves the local protections of your device or server and, newly vulnerable, it becomes a prime target for interception and attack.

This doesn’t only apply to one-off data exchanges like emails or file transfers, either. Ongoing internet connections, such as your link to a webpage, can also be broken into and tampered with — and unfortunately, this means that VoIP (Voice over Internet Protocol) communications are especially subject to foul play.

Hackers know that when you join a VoIP call, there’s a good chance you’ll discuss confidential (and therefore highly valuable) information, from account credentials to financial data. And depending on your setup, they may not need to do much work to get it. On its own, a VoIP channel can be easily tapped by hackers, and your data can quickly become compromised. If you don’t have a reliable way of keeping that channel secure, every phone call will be a breach waiting to happen.

But there’s a simple, convenient tool that secures web communications as soon as you use it: WebRTC, the protocol Wildix has been implementing for over 10 years. Not only is the WebRTC standard reliable, with the right setup, it secures your communications the very second you connect to your VoIP system through the browser.

Reevaluate your online communications with this essential guide on why WebRTC is the new standard in VoIP security.

What is WebRTC?

WebRTC (short for “Web Real-Time Communications”) is an open source protocol for relaying audio and video communications across the internet in, well, real time.

Developed and first released by Google in 2011, WebRTC provides web browsers with an easy way to talk to one another directly, without the plug-ins or proprietary platforms usually needed for that communication. Since WebRTC is open source and adopted by all major browsers, any browser-based application can utilize it to exchange live audio and video with zero additional installations.

To connect web browsers, WebRTC combines three main protocols:

  • MediaStream: This component establishes access to a device’s input peripherals (mic, webcam, etc.) and streaming media, then shares that media with all connected browsers. It also regulates how the system captures that media and
  • RTCDataChannel: This component creates a channel for exchanging other arbitrary data between browsers, ensuring that audio and video elements can be exchanged over their own dedicated line and reach users more quickly.
  • RTCPeerConnection: This component connects browsers directly to one another, rather than specifying that all browsers connect to a server. Thanks to this direct, peer-to-peer connection, WebRTC makes communicating over the browser faster and safer than server-based options.

Thanks to how freely available and easy to use this technology is, it’s very much become the standard for online telecommunications. And what’s better still is WebRTC does all of that while also maintaining great security right out of the box.

Security in WebRTC

Communications over WebRTC are automatically secured by the technology’s design. Here, we’ll go through the biggest ways how.

Peer-to-Peer Connections

As we said earlier, WebRTC uses direct peer-to-peer connections to exchange media. While there is a third-party server involved in most WebRTC exchanges (more on that later), for the most part, your data exchange will involve only you and other users on your call.

This model is great for your security because it reduces the number of endpoints that your data reaches — and the fewer entities that handle your data, the fewer opportunities hackers have to intercept it.

Browser-based Design

Since it exists in the browser, WebRTC gets to enjoy all the security features of that browser. That’s actually pretty significant, because web browsers are designed to be extremely secure just by virtue of the fact that they’re regularly in contact with lots of different web traffic.

Specifically, being hosted in the browser means WebRTC will only make connections if the browser can sufficiently approve them first. Again, browsers are consistently effective at authenticating third parties, so this alone eliminates a huge number of potential threats.

Being browser-based also makes WebRTC secure against attacks coming from inside your device. If your smartphone or laptop is infected with malware, for instance, it won’t be easy for it to affect WebRTC — after all, since it’s not a plugin or add-on, it was never really installed on your device to begin with.

Finally, WebRTC automatically updates to the latest version right when you update your browser, so there’s very little chance of you missing an important security patch.

Encryption

This is easily the biggest gun in WebRTC’s security arsenal. Basically, encryption scrambles your data using a secret code (or “decryption key”) that’s made available only to other participants in the exchange. With those measures in place, anyone without the decryption code won’t be able to read your data even if they manage to hack in and get it.

But for encryption to work effectively, it has to use highly complex algorithms to reliably encode data. Fortunately, WebRTC uses two of the most advanced cryptographic protocols: Datagram Transport Layer Security (DTLS)​ and Secure Real-Time Protocol (SRTP)​. Together, both encrypt your data with exceptionally high randomization while making sure only authorized parties have access to the decryption key.

How can they be so sure who’s authorized? That’s done through a brief exchange to a third-party server, called a “signaling server”, which confirms the online identity of connected users. Then, it issues them a digital “certificate” with both a public version of the decryption key and a confirmation that the user really is who they say they are.

Essentially, the only way to get the decryption key at all is to undergo a verification process, and even afterwards, the only way the decryption key will be accepted is if it’s presented alongside proof of that verification.

Since all these standards are on by default, it’s pretty hard to steal data exchanged over WebRTC. Again, if someone were to break into your session, they’d only make off with unusable versions of your data, keeping your communications safe even in the event of a hack.

WebRTC, Simpler VoIP Security

All these components come together especially well for VoIP communications because of just how effectively they blend convenience and security.

Simplicity matters a lot for security, because in general, users tend to prefer simple approaches to tasks over complex ones. So, when security is complex, they’ll either not implement it or find ways around it.

And let’s face it: Installing extra apps is a pain. It takes time to install an extra conferencing or calling app, and even more to bring on additional security measures. With how much work we typically do right in web browsers especially, it tends to be far simpler to just run programs directly through them instead.

Security within the web browser, meanwhile, is reliable simply because it’s so easy, it works invisibly in the background. This way, the user can’t turn security features off and they’re unlikely to circumvent them, making secured communications the default.

Thanks to that simplicity, it’s little wonder WebRTC is very much the standard in VoIP security these days. And as the standard, WebRTC lays down common standards on best security practices, but with the benefit of doing so as an open-source program. Since it’s not bound to any one developer, WebRTC doesn’t care what browser you’re using, what app you’re connecting to or even what OS you’re running — no matter what, it provides total two-way protection for your data, all without any additional work, input or installations.

Find out all the ways Wildix makes use of WebRTC for security and simplicity with our free white paper.

For more tips on cybersecurity and fixing vulnerabilities in IT, subscribe to receive our magazine for free!

Social Sharing