https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Data leak

WebRTC Security: Real-Time Data Flaw Leaks Endpoint IP Addresses

  • Written by Derek Handova
  • September 16, 2019
Protect endpoint security and IP addresses from WebRTC data leaks with VPN testing and secure browsers and extensions.

For years, CPaaS API, e-commerce, content management system and other online solutions providers have known that browsers make real-time communications WebRTC security vulnerable to data flaws and IP address leaks. Yet the WebRTC flaw has persisted due to benign neglect, ignorance, sloth or just plain laziness, endangering data privacy for endpoint security customers and their MSSP partners. That’s important because many remote workers such as IT directors, road warriors, computer engineers and other personnel rely on real-time voice and video communications made possible by WebRTC. But they shouldn’t have to risk their endpoint security, IP addresses and data privacy in the process.

GeoEdge's Adi Zlotkin

GeoEdge’s Adi Zlotkin

“WebRTC technology exists in all modern web browsers,” said Adi Zlotkin, head of security at GeoEdge, which has published a white paper on WebRTC malvertising. “WebRTC protocols are an open framework that provides browsers and mobile applications with real-time communications capabilities via simple APIs, allowing platforms to communicate via a common set of protocols. This open source technology is essential in sharing videos, yet can be exploited and used as a white encrypted data channel. Due to its peer-to-peer protocols, the technology is highly attractive to attackers, and the attacks launched are extremely difficult to detect since the data is sent directly between peers.”

So the very capabilities that make real-time communications possible through WebRTC are what put endpoint security at risk. And all the major browsers — Chrome, Edge, Firefox — have WebRTC flaws to some extent, which make WebRTC leaks inevitable.

SecurityScorecard's Alex Heid

SecurityScorecard’s Alex Heid

“WebRTC has powerful features that can reveal the real IP address, location and other identifying metadata about a user,” said Alex Heid, chief R&D officer at SecurityScorecard, a security company with solutions for measuring and communicating security risk. “Even when VPN services or other anonymization technologies are in place, web browsers configured to allow the WebRTC protocol can hypothetically be leveraged by attackers to obtain information about a target system or exploit a vulnerability in the application or browser. The WebRTC framework is open source, and therefore the code is available for analysis by both developers and malicious actors. Widespread adoption of WebRTC indicates this protocol will be a popular client-side attack vector going forward.”

WebRTC Security Leaks and Data Privacy Risks

Any two devices talking to each other directly via WebRTC need to know each other’s real IP addresses, according to network security experts. So in theory, a third-party website can exploit WebRTC leaks in your browser to detect your real IP address and use it to identify you.

Top10VPN.com's Callum Tennent

Top10VPN.com’s Callum Tennent

“Technically, these WebRTC leaks aren’t flaws, they’re simply part of the browser design,” said Callum Tennent, site editor, Top10VPN.com a virtual private network (VPN) review website. “Efficient IP sharing is supposed to provide convenience and speed, so WebRTC uses clever techniques to figure out your true IP address and get around any firewalls that might otherwise prevent your real-time connection from taking place.”

The problem with WebRTC is that it uses techniques to discover your IP address that are more advanced than those used in “standard” IP…

  • Page 1
  • Page 2
  • Page 3
  • Page 4
Tags: MSPs Business of Security Cloud and Edge Endpoint MSSP Insider Network

Related


  • Malware alert
    It's Raining Malware: Understanding and Protecting Against Today's Threats
    From using VPNs to heightened security awareness, companies must work harder to stop attacks as people work from home.
  • Threat protection
    Critical Threat Protection Steps MSSPs, Other Partners Must Take Now
    In this second installment in our series on threat protection, vendors discuss what partners have to do this year.
  • Zero Trust Security
    3 Strategies for Selling Zero Trust in the Channel
    Switching to a zero-trust security approach reduces exposure to potential data breaches and helps drive down fixed costs.
  • Malicious hacker group
    BlackBerry Research: MSSPs Increasingly Targeted by Hacker-for-Hire Groups
    The cybercrime industry has adapted to new digital habits.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Despite SIEM Software Adoption, Threat Coverage Comes Up Short
  • Secureworks Debuts New MSSP Partner Track, Analytics Platform
  • Cybercriminals Now Targeting Unemployment Benefit Claims
  • How Ransomware Is Accelerating in the COVID-19 Era

Galleries

View all

International Women’s Day & Tech: Move Beyond the Conversation

March 8, 2021

Industry Perspectives

View all

What is FirstNet–and What Are the Benefits for Channel Partners?

March 8, 2021

5 Ways XDR Can Improve Operational Efficiency for MSPs

March 4, 2021

Multi-Cloud: Strategy or Inevitable Outcome? (or both?)

March 3, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021
  • 1

White Papers

View all

Why Fortinet for my MSSP?

March 2, 2021

Small and Mid-Size Business Security: 4 Steps to Success

March 2, 2021

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul

March 2, 2021

Upcoming Events

View all

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

We celebrate #InternationalWomensDay by highlighting the important conversations and key statistics. @channelsmart… twitter.com/i/web/status/1…

March 9, 2021
ChannelFutures

A UK-based MSP got a lesson in grace when a post intended as a joke was mistaken for online bullying.… twitter.com/i/web/status/1…

March 9, 2021
ChannelFutures

Learn more about #FirstNet and partnering with @GetWirelessLLC. #LTE #firstresponders #connectivity #IoT… twitter.com/i/web/status/1…

March 8, 2021
ChannelFutures

Have you heard? @McAfee is selling its enterprise security business. And 75-year-old founder #JohnMcAfee faces deca… twitter.com/i/web/status/1…

March 8, 2021
ChannelFutures

Today we celebrate the achievements of women worldwide, and we are proud to give the rockstar women in the channel… twitter.com/i/web/status/1…

March 8, 2021
ChannelFutures

The list of #Accellion FTA breach victims keeps growing. Another bank joined the list over the weekend.… twitter.com/i/web/status/1…

March 8, 2021
ChannelFutures

Happy #InternationalWomensDay! The Channel Futures / @Channel_Online team is proud to support @AllianceofCW and… twitter.com/i/web/status/1…

March 8, 2021
ChannelFutures

#MSPs can help businesses deal with #cloudcomputing and #cybersecurity pain points, says @Dreamix_Ltd.… twitter.com/i/web/status/1…

March 8, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X