The question whether WebRTC is secure has been troubling many. WebRTC is an open-source technology available for free on any Web browser and it is plug-in free. As such WebRTC users fear hackers might be able to listen in on conferences, access user data, or even private networks.
As with any file or software you may download from the internet, it’s extremely dangerous if your PC doesn’t have secure firewall configurations. The same applies for downloading VoIP applications. With WebRTC however there’s no need to worry about this, as you don’t need to install any plugins or clients on your PC.
Security and encryption is not an optional WebRTC feature, as it has native built-in features that address security concerns. What’s more, WebRTC offers end-to-end encryption between peers on almost any server ensuring safe, private and secure real-time communications.
WebRTC requires the user to explicitly allow access to his camera and microphone. This ensures that the user is made aware that his camera and microphone will be turned on. When the user allows access, a red dot will appear on that tab, providing a clear indication to the user, that the tab has media access.
Prior to using WebRTC, users are notified that a specific website is trying to access their camera and microphone. If a tab has access to their media devices, users are also notified by the browser with a blinking red spot on the tab.
For WebRTC to transfer real time data, the data is first encrypted using the DTLS (Datagram Transport Layer Security) method. This is a protocol built into all the WebRTC supported browsers from the start (Chrome, Firefox and Opera). On a DTLS encrypted connection, eavesdropping and information tampering cannot take place.
Other than DTLS, WebRTC also encrypts video and audio data via the SRTP (Secure Real-Time Protocol) method ensuring that IP communications – your voice and video traffic – can not be heard or seen by unauthorised parties.
Just like anything you do online, whether downloading a VoIP application like Skype, downloading a movie, or even transferring information and files via email, there is a risk of malicious intrusions. However, WebRTC technology safeguards the transmission of sensitive data through the standards explained above, ensuring secure real time communications.
Reference: Ilya Grigorik, (2013) High Performance Browser Networking,O’Reilly Media (Chapter 18)