Is there any security implication of using WebRTC over unencrypted channel for streaming?

Question

I've spend a few hours reading about WebRTC and everywhere it's recommended to use a secure connection for contacting with the signal server, so no MitM attacks could be possible.

However, my project is aimed at video streaming (public), so I really don't care (I think) if someone is eavesdropping the connection to the signal server because it's only information about an already public resource. So... why would I need to use WSS instead of WS? Is there any other attack I may face if I'm not using WSS?

score 1 · Answer 1 · answered Feb 11 '16 at 18:26

1

During the session initiation, through the signaling channel, the peers (two or more) are sharing information about their environment in order to create the stream.

You expose not only yourself (aka your application), but also your users by not using a secure connection.

answered Feb 11 '16 at 18:26

Adrian Ber

121
3

not really, you are not exposing anything that is not already exposed if you were using TLS. – The Illusive Man Feb 11 '16 at 18:46
not really, you will leak IP addresses even behind a VPN. – Adrian Ber Feb 12 '16 at 10:15
the IP leak is a problem we already bear in mind, because in some countries there are legal issues (an IP is considered PII...). But TLS doesn't do anything to protect it, still you have the IP visible. – The Illusive Man Feb 12 '16 at 16:04

score 0 · Answer 2 · answered Feb 12 '16 at 15:52

If you do use ws instead of wss it means your users are on an http webpage and not an https one.

You should use https for webpage to protect your users, thus, you have to use wss (because for obvious security reason, ws is not allowed in https webpage).

Is there any security implication of using WebRTC over unencrypted channel for streaming?

2 Answers2