Another reason to avoid WebRTC

General discussion and chat (archived)
Walter Dnes
Astronaut
Astronaut
Posts: 650
Joined: 2015-07-30, 20:29
Location: Vaughan, ON, Canada

Another reason to avoid WebRTC

Unread post by Walter Dnes » 2016-12-16, 01:23

From https://www.bleepingcomputer.com/news/s ... r-browser/ which ended up on Slashdot. Javascript in malware 3rd-party ads uses WebRTC to determine the computer's local IP address behind the router/modem, and uses that info as part of attack against the router/modem. It's not just privacy, it's security, too.
The way this entire operation works is by crooks buying ads on legitimate websites. The attackers insert malicious JavaScript in these ads, which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address.
There's a right way
There's a wrong way
And then there's my way

John connor

Re: Another reason to avoid WebRTC

Unread post by John connor » 2016-12-18, 03:07

I have seen more damn hits on my WordPress blog from infected routers it's unreal! And I bet these people wonder why their speed is horrible.

John connor

Re: Another reason to avoid WebRTC

Unread post by John connor » 2016-12-18, 11:42

I have been running my browser without WebRTC for a while with the aid of this link: https://browserleaks.com/webrtc#webrtc-disable

Would that help if one doesn't use an AD blocker?

dark_moon

Re: Another reason to avoid WebRTC

Unread post by dark_moon » 2016-12-18, 13:46

What?
Blocking WebRTC doesn't replace a ad blocker.

User avatar
Nigaikaze
Board Warrior
Board Warrior
Posts: 1322
Joined: 2014-02-02, 22:15
Location: Chicagoland

Re: Another reason to avoid WebRTC

Unread post by Nigaikaze » 2016-12-18, 13:50

John connor wrote:I have been running my browser without WebRTC for a while with the aid of this link:
If you are running Pale Moon, then you are running your browser without WebRTC, because Pale Moon does not include WebRTC.
Nichi nichi kore ko jitsu = Every day is a good day.

John connor

Re: Another reason to avoid WebRTC

Unread post by John connor » 2016-12-19, 02:13

dark_moon wrote:What?
Blocking WebRTC doesn't replace a ad blocker.

Apparently the IP address is retrieved using WebRTC in the AD.

Andrew Gilbertson

Re: Another reason to avoid WebRTC

Unread post by Andrew Gilbertson » 2016-12-20, 12:56

dark_moon wrote:What?
Blocking WebRTC doesn't replace a ad blocker.
The attack described in the article linked in the first post in this thread involves malicious JavaScript that triggers WebRTC to send the user's IP to a control server, and the JavaScript is embedded in an ad. So either blocking ads -or- having WebRTC disabled would shut down this particular attack.

Locked