Abstract:
Video conferences are part of our professional, academic, and social lives. With more information being shared through this channel, ensuring the users’ privacy and security are not violated is essential. In this work, we systematically analyzed the security of the video conferencing platform OpenVidu (version 2.28.0). OpenVidu is an open-source platform that uses WebRTC to provide video conferencing capabilities to applications. Our in-depth study of the source code and intensive testing of the platform reveals five security flaws and five security risks to which OpenVidu users are exposed. From this analysis, we extract the necessity for developers integrating OpenVidu into their video conferencing applications to not rely on the security measures put in place by the platform but have a responsibility to secure their applications to protect their users.