16

The new "Firefox Hello" feature promises easy and safe video conversation. It is not necessary to create an account; you simply share a link with your partner to start the conversation. The communication is promised to be "private and secure" on this site, but it doesn't actually go in-depth about the techniques that are used. The homepage of WebRTC also isn't very informative, and neither is their FAQ.

How secure is Firefox Hello? Does it use end-to-end encryption? Does it store metadata on servers? Could Mozilla decrypt my communication, if requested by law enforcement?

dervonnebenaan
  • 6
    I'm voting to close this question as off-topic because Firefox Hello is [discontinued and has been removed](https://support.mozilla.org/t5/Chat-and-share/Support-for-Hello-discontinued-in-Firefox-49/ta-p/37946) from Firefox. – André Borie Feb 16 '17 at 17:29
  • I can see your point, but I'm not sure. [This question](https://meta.stackexchange.com/questions/96254/should-stack-overflow-exchange-have-a-mechanism-for-marking-obsolete-questions) on Meta-SO might be relevant. Is there a chance that someone might still find this useful? – dervonnebenaan Feb 16 '17 at 20:20
  • I would argue that questions talking about an old technology that can still be used (programming languages, applications, etc.) are still useful; questions about online services that are no longer usable aren't - as far as I know the server component of Firefox Hello was never open-sourced so nobody can try and use the thing even if they wanted to. – André Borie Feb 16 '17 at 21:24
  • That's a valid point. Should I delete it then, or just leave it closed? – dervonnebenaan Mar 01 '17 at 08:38
  • Leave it closed. It was a useful question, and could still be useful for anyone curious. – André Borie Mar 01 '17 at 10:14

3 Answers

10

First, here is a small list of all the abbreviations used when explaining WebRTC, so if you do not know one you can have a look there: https://hacks.mozilla.org/2013/07/webrtc-and-the-ocean-of-acronyms/


Summary

Here is a small summary. More detailed information is below.

  • connections are end-to-end-encrypted
  • DTLS and SRTP are used for encryption
  • peer-to-peer connections are used when possible
    • if not possible the traffic may be routed through a TURN server
  • signalling servers are used to exchange metadata
    • the hashes of the certificates used for the encryption of the connection are also exchanged, which makes it possible for the signalling server to perform a Man-in-the-middle attack on the connection
  • STUN servers are used to get a list of IP addresses used by both conversation partners
    • this may be misused for tracking users, but that is more a privacy-issue than a security-issue

Security

WebRTC is a complex technology, but there are some things which can be noted.

First, the reference implementation is open source, and so is the implementation in Firefox. However, that's not directly about the technology itself. Additionally, the connection is end-to-end encrypted. Non-encrypted modes are explicitly disallowed. For the encrypted connection DTLS (a variant of TLS for UDP) is used (p. 18, PDF) and the audio and video (media) communication is encrypted with SRTP (p. 6, PDF), with the same keys as used for the DTLS handshake (called DTLS-SRTP). For data channels the specification requires SCTP over DTLS. JavaScript access to the "key material" used by the DTLS-SRTP connection is not allowed, so this is securely handled in the browser.

Since Firefox 38, Firefox only supports Forward Secrecy suites. In the specification it is recommended to prefer Forward Secrecy cipher suites over non-Forward-Secrecy ones - and all implementations have to support them (p. 19, PDF). Additionally it adds some information about the cipher suites which may be used:

All implementations MUST implement both DTLS 1.2 and DTLS 1.0, with the cipher suites TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA and the DTLS-SRTP protection profile SRTP_AES128_CM_HMAC_SHA1_80.

Additionally it requires an "inspector interface which allows the user to determine the security characteristics of the media". However, currently this does not seem to be implemented in Firefox. You can show some details about WebRTC by accessing about:webrtc, but as far as I can see this is meant for debugging rather than for checking the security of the connection.

Routing

A peer-to-peer connection is always attempted first. To do this, STUN servers are used, which return the public IP of the user connecting to them. This is used for ICE, which, simply put, tries multiple ways to get around the firewall and NATs to create a direct connection to the communication partner.
[Figure: WebRTC STUN. Image licensed under CC-BY-SA by Mozilla Hacks]

If this does not work, the process falls back to TURN, which proxies the traffic through a server.

Man-in-the-middle

Basically, the certificates used for the encryption are exchanged via the signaling channel, and therefore a rogue signaling server can MITM the connection. However, when so-called Identity Providers are used to verify the identity of the users connecting to each other, the users can be sure no MITM attack was done on the server. Firefox Hello provides a feature to use Firefox Accounts for logging in, but as far as I can see no identity verification is currently done, so currently you have to trust the signaling servers used by Mozilla.

The connection to the signalling servers is secured as a normal HTTPS connection (although this is not required for WebRTC in general).

More information: How can MITM be performed in WebRTC?

Privacy

The issue mentioned by @schroeder is not a security but a privacy issue. Additionally, it is a kind of unwanted but unavoidable effect which leaks the local IP addresses of the user. In bad configurations in conjunction with a VPN it may even leak the real external IP. However, it is debatable whether this is a privacy impact.

And if you do not want to use it you can do so. In Firefox 42, features allowing add-ons to interfere with and disable parts of WebRTC connections were implemented. Already before the release of Firefox 42 you could (and still can) disable it via about:config. Additionally there are add-ons for disabling WebRTC.

More resources: Security Considerations by the IETF in the current working draft


Want to dive into the details? Here you can find more information: https://webrtc-security.github.io/

rugk
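
As an added illustration of the "Man-in-the-middle" and "Privacy" points in the answer above (not code from the answer or from Firefox): the certificate fingerprint and the ICE candidates travel in the SDP text relayed by the signalling server, so a client-side audit can list what is exposed and detect a swapped fingerprint. It assumes both parties can compare the SDP over a channel the server does not control; the SDP is constructed, and `auditSdp` and `fingerprintsMatch` are hypothetical helper names.

```javascript
// CONSTRUCTED sample SDP: fingerprint and addresses are made up
// (private and documentation address ranges only).
const SAMPLE_SDP = [
  "v=0",
  "o=- 4611731400430051336 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  "a=fingerprint:sha-256 " + "AB:".repeat(31) + "AB",
  "m=audio 9 UDP/TLS/RTP/SAVPF 111",
  "c=IN IP4 0.0.0.0",
  "a=setup:actpass",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54400 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 54400 typ srflx raddr 192.168.1.23 rport 54400",
  "a=candidate:3 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 54400",
].join("\r\n");

// Collect the security-relevant lines of one SDP blob.
function auditSdp(sdp) {
  const report = { fingerprints: [], insecureMedia: [], candidates: [] };
  for (const line of sdp.split(/\r?\n/)) {
    let m;
    if ((m = /^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)$/.exec(line))) {
      // Hash of the DTLS certificate the peer will present.
      report.fingerprints.push(`${m[1].toLowerCase()} ${m[2].toUpperCase()}`);
    } else if ((m = /^m=(audio|video) \d+ (\S+)/.exec(line))) {
      // Media must be keyed through DTLS-SRTP; anything else is flagged.
      if (!/^(UDP\/TLS|TCP\/DTLS)\/RTP\/SAVPF?$/.test(m[2])) {
        report.insecureMedia.push(line);
      }
    } else if ((m = /^a=candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\w+)/.exec(line))) {
      // host = local address, srflx = public address seen by STUN, relay = TURN.
      report.candidates.push({ address: m[1], type: m[2] });
    }
  }
  return report;
}

// True only if the SDP one side sent carries the same certificate
// fingerprints as the SDP the other side actually received.
function fingerprintsMatch(sentSdp, receivedSdp) {
  const sent = auditSdp(sentSdp).fingerprints.sort();
  const got = auditSdp(receivedSdp).fingerprints.sort();
  return sent.length > 0 && sent.length === got.length &&
    sent.every((f, i) => f === got[i]);
}
```

A mismatch means the fingerprint changed in transit through signalling, which is the substitution a rogue signalling server would need to make; the `host` entries in `candidates` are the local addresses the Privacy section refers to.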
10

WebRTC is a P2P technology and performs encryption end-to-end by default.

No metadata on Mozilla's servers. Per session encryption, so Mozilla cannot decrypt.

There may be some vulnerabilities with the technology (i.e. there are), but the design is supposed to address your questions on an architectural level.

schroeder
-1

Sorry to disappoint you folks. WebRTC is being abused by many companies and should be shut down for good.

https://github.com/EFForg/privacybadgerchrome/issues/431

A case in point is the NY Times, which polls the user 12 times a minute and gets local user IPs through a company called WhiteOps.com. The privacy implications of that are left as an exercise to the reader.

Deer Hunter
  • Thanks for the hint. I'm not quite sure if I got it right, though. As far as I understand it, some webservices are using WebRTC to track people. But this doesn't mean that Firefox Hello itself is vulnerable, right? – dervonnebenaan Jul 23 '15 at 21:16
  • @dervonnebenaan - If you are OK with somebody using your browser for reconnaissance, there's no vulnerability. – Deer Hunter Jul 23 '15 at 22:30
  • 1
    This has nothing to do with Firefox Hello. While Firefox Hello uses the same technology as WebRTC, the way it's used in Hello is unrelated to the privacy issues you may think you have due to WebRTC. – Lie Ryan May 14 '16 at 11:48