One Leak Is Enough to Expose Them All: From a WebRTC IP Leak to Web-Based Network Scanning
Published in | Engineering Secure Software and Systems, pp. 61-76 |
---|---|
Main Authors | Hazhirpasand, Mohammadreza; Ghafari, Mohammad |
Format | Book Chapter |
Language | English |
Published | Cham: Springer International Publishing, 20.06.2018 |
Series | Lecture Notes in Computer Science |
Subjects | Browser security; IP leak; Web-based network scanner |
ISBN | 3319944959 9783319944951 |
ISSN | 0302-9743 1611-3349 |
DOI | 10.1007/978-3-319-94496-8_5 |
Abstract | WebRTC provides browsers and mobile apps with rich real-time communications capabilities, without the need for further software components. Recently, however, it has been shown that WebRTC can be triggered to fingerprint a web visitor, which may compromise the user’s privacy. We evaluate the feasibility of exploiting a WebRTC IP leak to scan a user’s private network ports and IP addresses from outside their local network. We propose a web-based network scanner that is both browser- and network-independent, and performs nearly as well as system-based scanners. We experiment with various popular mobile and desktop browsers on several platforms and show that adversaries not only can exploit WebRTC to identify the real user identity behind a web request, but also can retrieve sensitive information about the user’s network infrastructure. We discuss the potential security and privacy consequences of this issue and present a browser extension that we developed to inform the user about the prospect of suspicious activities. |
---|---|
Author | Ghafari, Mohammad; Hazhirpasand, Mohammadreza |
ContentType | Book Chapter |
Copyright | Springer International Publishing AG, part of Springer Nature 2018 |
Discipline | Engineering; Computer Science |
EISBN | 3319944967 9783319944968 |
EISSN | 1611-3349 |
Editor | Payer, Mathias; Such, Jose M.; Rashid, Awais |
EndPage | 76 |
IsPeerReviewed | true |
IsScholarly | true |
PageCount | 16 |
PublicationDateYYYYMMDD | 2018-06-20 |
PublicationSeriesSubtitle | Theoretical Computer Science and General Issues |
PublicationSeriesTitle | Lecture Notes in Computer Science |
PublicationSeriesTitleAlternate | Lect.Notes Computer |
PublicationSubtitle | 10th International Symposium, ESSoS 2018, Paris, France, June 26-27, 2018, Proceedings |
PublicationTitle | Engineering Secure Software and Systems |
PublicationYear | 2018 |
Publisher | Springer International Publishing |
RelatedPersons | Kleinberg, Jon M.; Hartmanis, Juris; Mattern, Friedemann; Goos, Gerhard; Steffen, Bernhard; Kittler, Josef; Weikum, Gerhard; Naor, Moni; Mitchell, John C.; Terzopoulos, Demetri; Pandu Rangan, C.; Kanade, Takeo; Hutchison, David; Tygar, Doug |
StartPage | 61 |
SubjectTerms | Browser security; IP leak; Web-based network scanner |
Subtitle | From a WebRTC IP Leak to Web-Based Network Scanning |
Title | One Leak Is Enough to Expose Them All |
URI | http://link.springer.com/10.1007/978-3-319-94496-8_5 |