Re: [rtcweb] I-D Action: draft-ietf-rtcweb-ip-handling-01.txt

Philipp Hancke <fippo@goodadvice.pages.de> Tue, 26 April 2016 08:11 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/z_YVMi-ALYJF6Vv-syDINq2ceBA>

On 20.03.2016 at 23:31, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Real-Time Communication in WEB-browsers of the IETF.
>
>          Title           : WebRTC IP Address Handling Recommendations
>          Authors         : Justin Uberti
>                            Guo-wei Shieh
>          Filename        : draft-ietf-rtcweb-ip-handling-01.txt
>          Pages           : 8
>          Date            : 2016-03-20

I stumbled upon a (now deleted) Stack Overflow posting yesterday in which
obfuscated code "used webrtc" to hack the user's router.
Basically WebRTC was used to get the local IP address from which the
router's IP is inferred. Then a default admin account is tried.

It turns out the idea is not new; I heard from some former coworkers
that they used this in penetration testing before. But it has now
reached Stack Overflow, which means there will soon be rumors and all
kinds of "webrtc allows hacking your router" stories.

The principal problem here is default passwords. WebRTC makes it
slightly easier by removing the need to run a series of HTTP requests to
find out the router's IP. Should this be mentioned as an example in #1 of
the problem statement?
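
The exposure discussed in the message above, as an added example that is not part of the original post or of the draft: an audit of ICE candidate lines, the channel through which page script sees local addresses, that reports each place a private address is visible. The sample candidates are constructed and the function names are hypothetical.

```javascript
// Added example: audit ICE candidate lines for private-address exposure.
// SAMPLE_CANDIDATES is constructed for illustration, not captured traffic.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:3 1 udp 2122260223 3f1c2a9e-6b7d-4c1e-9a55-0d2e8b7c4f10.local 54322 typ host",
  "candidate:4 1 udp 41885439 198.51.100.20 3478 typ relay raddr 0.0.0.0 rport 0",
];

// Parse the fixed fields and the optional raddr of a candidate attribute.
function parseCandidate(line) {
  const f = line.replace(/^a=/, "").trim().split(/\s+/);
  if (!f[0].startsWith("candidate:") || f.length < 8 || f[6] !== "typ") return null;
  const c = { address: f[4], port: Number(f[5]), type: f[7], raddr: null };
  for (let i = 8; i + 1 < f.length; i += 2) {
    if (f[i] === "raddr") c.raddr = f[i + 1];
  }
  return c;
}

// Classify an address as "private", "mdns" (hostname hiding the address) or "public".
function classify(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns";
  const m = a.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (m) {
    const [o1, o2] = [Number(m[1]), Number(m[2])];
    const priv = o1 === 10 || o1 === 127 || (o1 === 172 && o2 >= 16 && o2 <= 31) ||
      (o1 === 192 && o2 === 168) || (o1 === 169 && o2 === 254);
    return priv ? "private" : "public";
  }
  // IPv6: loopback, unique local fc00::/7, link-local fe80::/10
  if (a.includes(":") && (a === "::1" || /^f[cd]/.test(a) || /^fe[89ab]/.test(a))) return "private";
  return "public";
}

// Return one finding per field in which a private address is visible to page script.
function auditCandidates(lines) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    if (classify(c.address) === "private") findings.push({ field: "address", type: c.type, value: c.address });
    if (c.raddr && classify(c.raddr) === "private") findings.push({ field: "raddr", type: c.type, value: c.raddr });
  }
  return findings;
}

console.log(auditCandidates(SAMPLE_CANDIDATES));
```

The host candidate and the server-reflexive candidate's `raddr` are both flagged; the `.local` hostname candidate and the relay candidate with a zeroed `raddr` are not.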