WebRTC allows users to set up video connections directly between browsers and devices without the use of plugins or app downloads. The protection provided by the browser is an important differentiator from other video conferencing technology used by Zoom or FaceTime.
No App Download
A WebRTC connection in a browser is a safer and more secure way of video communication because it does not install anything on your device.
Why is the browser secure?
Browsers help to add security protection in a number of ways.
No more Plug-Ins or App Installs
Without WebRTC, a plug-in must always be installed on the client's computer or device before a video conference can start. This adds risk to the video conference for two reasons. First, nefarious actors can build malicious plug-ins intended to put you at risk. While some of these are easy to spot, others are disguised to look like their reputable counterparts. Second, even reputable plug-ins that serve a legitimate (and useful) purpose can have vulnerabilities that could be exploited by a third party. WebRTC is inherently safer because it does not install anything on your device. It removes the risk associated with malware or other undesirable software installations that may be disguised as a plug-in.
Fast Security Patches
Major browser vendors like Apple, Google, Microsoft, and Mozilla take security very seriously. When a security risk is discovered internally by their teams, or externally by bug bounty hunters, they create and deploy patches extremely quickly, often far quicker than UC platform vendors. While security loopholes can still theoretically be uncovered, users of WebRTC can remain confident that those issues will be addressed expeditiously and automatically.
Automatic Software Updates
The major browsers also offer automatic software updates. This allows any potential security threats to be addressed without the end user needing to opt in to the update. Relying on your employees or other end users to stay up to date with software updates is inherently unreliable. While some users may be diligent with their updates, there are others who will ignore, delay, or forget them, which can put organizations at risk. WebRTC security benefits from automatic browser updates, mitigating all of this risk.
Media Access
We’ve all heard the stories of webcams being hijacked by a third party to record private conversations. For instance, the FaceTime bug allowed users to listen in on the people they are calling and even see through their camera, without them answering the call.
But the WebRTC specification takes active measures to ensure that issues like the FaceTime bug can never happen. First, it is not possible for a WebRTC application to arbitrarily gain access to your camera or microphone without your consent. While an application or website is allowed to ask the user for one-time or permanent access, it is not able to gain access without express permission. When a media request is made, a pop-up window will ask your permission to access your device before transmitting any information. Furthermore, WebRTC requires that the browser UI clearly indicates whenever a microphone or camera is in use, so you can be sure that there is no risk of potential eavesdropping.
Encryption
Encryption is a mandatory part of WebRTC and is enforced on all aspects of establishing and maintaining a connection. It makes it effectively impossible for someone to gain access to the contents of a communication stream because all media streams are securely encrypted through standardized and time-tested encryption protocols. Only those applications with the secret encryption key are able to decode the streams.
The best practice for this is to use perfect forward secrecy (PFS) ciphers in a DTLS (Datagram Transport Layer Security) handshake to securely exchange key data (this is the method Frozen Mountain uses). For audio and video, key data can then be used to generate AES (Advanced Encryption Standard) keys which are in turn used by SRTP (Secure Real-time Transport Protocol) to encrypt and decrypt the media. This acronym-rich stack of technologies translates to extremely secure connections that are impossible to break with current technology. Both WebRTC and ORTC mandate this particular stack, which is backwards-compatible and interoperable with VoIP systems.
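WebRTC endpoints describe the media session to each other in SDP carried over the signaling channel, so the DTLS-SRTP stack described above can be checked there. The following is an added example, not code from this article or from any vendor it mentions: it audits a session description for a DTLS-protected transport profile, a certificate fingerprint, and the absence of SRTP keys sent in signaling. The function name `auditSdp`, both SDP bodies, and the weak-hash policy are assumptions constructed for illustration.

```javascript
// Added example. Both SDP bodies are constructed sample data, not captures.
const FP = Array(32).fill('AB').join(':');    // placeholder fingerprint value
const GOOD_SDP = ['v=0', 's=-', 't=0 0',
  'a=fingerprint:sha-256 ' + FP,               // session level: covers every m= section
  'm=audio 9 UDP/TLS/RTP/SAVPF 111', 'a=setup:actpass',
  'm=video 9 UDP/TLS/RTP/SAVPF 96', 'a=setup:actpass'].join('\r\n');
const BAD_SDP = ['v=0', 's=-', 't=0 0',
  'm=audio 49170 RTP/SAVP 0',                  // SRTP keyed in signaling (SDES), no DTLS
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY',
  'm=video 49172 RTP/AVP 96'].join('\r\n');    // plain RTP, no encryption at all

// Transport profiles that run over DTLS (media and data channel).
const DTLS_PROFILE = /(^|\/)(TLS\/RTP\/SAVPF?|DTLS\/SCTP)$/;
const WEAK_HASHES = new Set(['md2', 'md5']);   // policy choice for this example

function auditSdp(sdp) {
  const sections = [];
  let sessionHash = null;                      // fingerprint hash seen before any m= line
  let cur = null;
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith('m=')) {
      const [media, , proto] = line.slice(2).split(' ');
      cur = { media, proto, hash: null, sdes: false };
      sections.push(cur);
    } else if (line.startsWith('a=fingerprint:')) {
      const hash = line.slice('a=fingerprint:'.length).split(' ')[0].toLowerCase();
      if (cur) cur.hash = hash; else sessionHash = hash;
    } else if (line.startsWith('a=crypto:') && cur) {
      cur.sdes = true;                         // key material exposed to the signaling path
    }
  }
  const findings = [];
  if (sections.length === 0) findings.push('no media sections found');
  sections.forEach((s, i) => {
    const where = `m-section ${i} (${s.media})`;
    const hash = s.hash || sessionHash;        // media-level value overrides session-level
    if (!DTLS_PROFILE.test(s.proto)) findings.push(`${where}: profile ${s.proto} is not DTLS-protected`);
    if (!hash) findings.push(`${where}: no a=fingerprint, DTLS peer cannot be authenticated`);
    else if (WEAK_HASHES.has(hash)) findings.push(`${where}: weak fingerprint hash ${hash}`);
    if (s.sdes) findings.push(`${where}: a=crypto (SDES) key carried in signaling`);
  });
  return findings;
}

console.log(auditSdp(GOOD_SDP), auditSdp(BAD_SDP));
```

An empty result means every media section negotiates DTLS with an authenticated certificate fingerprint; each finding names the section that falls short.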
HTTPS - Added Protection
WebRTC has taken security a step further by introducing new requirements that stipulate that WebRTC-enabled connections can only be established over a secure connection. This means that all WebRTC applications must be HTTPS (Hypertext Transfer Protocol Secure) compliant.
The S in HTTPS is responsible for authenticating the website as well as encoding data exchanges on the website to protect your data transmissions from hackers or other malicious parties. This means that not only does the page need to be secure in order for a connection to be established, but the server you communicate with from that page also needs to be secure.
Is Blitzz Secure?
Although WebRTC is very secure, Blitzz takes extra precautions to ensure that your communications are kept safe. Learn more about Blitzz Security here.
WebRTC has big advantages over other video conferencing solutions in the area of security. Whereas some applications treat security as optional, WebRTC mandates security as part of the specification. So if you are considering using WebRTC for your real-time communications, you can rest easy knowing your conversations are safe.