WebRTC was designed for peer-to-peer communication but It is possible to make WebRTC calls interoperable with other IP or legacy networks, by the use of WebRTC to SIP gateways, that have been released by Session Border Controllers and Media Gateway manufacturers, like the Oracle WSC.
This environment opens up big opportunities for new services for residential (OTT services, vertical applications for e-health, online banking, etc.) and corporate users (BYOD, teleworking, etc.). This new bunch of services and devices could mean an opportunity for intruders and attackers that we should prevent.
As we can see in the figure, that shows a typical WebRTC implementation, we have to introduce a webserver (like the Sippo WebRTC Application Controller) that can be hijacked, a new gateway like theOracle WSC (that could be attacked via DoS attacks or illegally accessed) and, finally a smart endpoint (laptop, smartphone,etc) that can be full of viruses and ad-hoc trojans. In addition, we should take care of the ID of the users involved in the WebRTC session.
- TRADITIONAL VOIP ATTACKS
- AD-HOC ATTACKS IN WEBRTC
- SUMMARY