Skip to content

Building a wiretap in your browser

One day I was reading on phone malware that covertly tries to record audio, and wondered why there is no such discussion on desktop computers. I thought about WebRTC, the (rather new) standard for audio and video transmission on the web, which allows Peer-to-Peer connections. That would make for a great universal recording experience, without the need to install an app or download some executable.

So I started tinkering with WebRTC libraries and stumbled upon PeerJS, which seemed to be the easiest way for a quick & dirty prototype of an idea. It turns out that in fact, creating a WebRTC connection was easy. It is the compatibility of different browsers that makes it difficult to create a solution that works everywhere.

Funnily enough, I came up with a small server-client solution where the server only runs on Chrome, while the client can run on both Firefox and Chrome, but more stable on Firefox…did I mention that I hate Javascript and browsers?

How WebRTC connections work

From my limited understanding of the example I built, WebRTC is p2p, but you need a centralized server to match two (or more) hosts. For PeerJS, the server is open-source and on GitHub, so you can either use their free Cloud instance or set up an own instance. I used the free offering, which basically creates a unique ID that needs to be shared with the other host. In my example, when the server part connects to the cloud service to retrieve the ID, a URL to the client is created, such that you only need to copy this URL into any browser that should act as the monitored system.

Imagine the following threat model: You want to eavesdrop on a private conversation in a meeting room, which has a notebook in there. So, you simply enter the URL created above, click on “run” and a very small window pops up, asks for video and audio permissions and minimizes itself. Now you can leave the room, return to your own computer and listen to the conversation.

What I created is nothing more than a one-directional browser video chat with audio recording. The recording has the typical “problems” for attackers: You get a permanent notification about being recorded (Firefox only?), a webcam LED lights up (with most integrated webcams), and you need physical access to accept the permission requests. But still, it is really easy to set up and leaves almost no traces.

Check out the code and, if you find any ways to improve the code, leave a comment below!

Published inIT-SecurityTips and Tricks

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *