canmove, Confirmed users
1,220
edits
Security/B2G/USB file-reading API: Difference between revisions
Jump to navigation
Jump to search
no edit summary
Ptheriault (talk | contribs) (Initial security review) |
Ptheriault (talk | contribs) No edit summary |
||
| Line 22: | Line 22: | ||
===Threat Model=== | ===Threat Model=== | ||
{| | {| border="1" | ||
! ID!!Title!!Threat!!Proposed Mitigations!!Threat Agent!!Rating!!Likelihood!!Notes!!Impact!!Notes | ! ID!!Title!!Threat!!Proposed Mitigations!!Threat Agent!!Rating!!Likelihood!!Notes!!Impact!!Notes | ||
|- | |- | ||
| 1||Casual data theft||User has data stolen by an attacker who has limited physical access|| | | 1||Casual data theft||User has data stolen by an attacker who has limited physical access||Disable mounting device while device is locked | ||
|- | |- | ||
| | | ||Attacker with physical access to the phone||mod||||Requires physical device access||||Access sensitive data. | ||
|- | |- | ||
| 2||Casual data tampering||User has data modified by an attacker who has limited physical access||Limiting file access and permissions||Attacker with physical access to the phone||mod||||Requires physical device access||||Potentially make the phone non-functional | | 2||Casual data tampering||User has data modified by an attacker who has limited physical access||Limiting file access and permissions||Attacker with physical access to the phone||mod||||Requires physical device access||||Potentially make the phone non-functional | ||