WebAPI/Security/WebTelephony: Difference between revisions

From MozillaWiki
No edit summary
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Name of API: Web Telephony
== WebTelephony ==
References:
https://wiki.mozilla.org/WebAPI/WebTelephony
*B2G Meta telephony bughttps://bugzilla.mozilla.org/show_bug.cgi?id=699235
*Web Telephony meta bug:https://bugzilla.mozilla.org/show_bug.cgi?id=674726


Brief purpose of API: Make and receive phone calls
Brief purpose of API: Make and receive phone calls
Line 18: Line 14:
Threat severity: high to critical, confidential information disclosure and direct financial risk
Threat severity: high to critical, confidential information disclosure and direct financial risk


== Regular web content (unauthenticated) ==
References:
Use cases for unauthenticated code: click on a phone number in an email or browser to dial
*WebAPI: https://wiki.mozilla.org/WebAPI/WebTelephony
Authorization model for uninstalled web content: explicit (web activities)
*B2G Meta telephony bug: https://bugzilla.mozilla.org/show_bug.cgi?id=699235
Authorization model for installed web content: explicit (web activities)
*Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/34LUf50tpKA/discussion
 
== Trusted (authenticated by publisher) ==
Use cases for authenticated code:
* Fun dialers (eg. rotary dialer)
Authorization model: explicit (web activities)


== Certified (vouched for by trusted 3rd party) ==
{| border="1" class="wikitable"
Use cases for certified code:
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || click on a phone number in an email or browser to dial || No direct access (access via web activities) || When user clicks on a phone number, app triggers a web activity to initiate the call.  User interaction required to trigger.
|-
| Installed Web Apps || As Above || No direct access (access via web activities) || As above.
|-
| Privileged Web Apps || As Above || No direct access (access via web activities) || As above.
|-
| Certified Web Apps ||
* Handler for telephony web activities
* Handler for telephony web activities
* Replacement dialer
* Replacement dialer
* Voice conference software (e.g. connect Voip with a mobile call)?
* Voice conference software (e.g. connect Voip with a mobile call)?
* Mediate incoming calls (accept/reject/merge)
* Mediate incoming calls (accept/reject/merge)
* Query transceiver state
* Query transceiver state  
Authorization model: implicit
|| Implicit
Potential mitigations: none
|}
__NOTOC__
 
[[Category:Web APIs]]
[[Category:Security]]
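
Review bot: The Certified Web Apps row ends at "|| Implicit" with no fourth cell, so the table no longer carries the "Potential mitigations: none" statement that the removed text gave for the one tier with implicit, direct access. Suggest adding a Notes & Other Controls cell to that row that states this explicitly, or lists whatever controls do apply. It would also help to say whether the "Fun dialers (eg. rotary dialer)" use case from the removed Trusted section is now expected to go through web activities like the other non-certified tiers, since the new rows only say "As Above".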

Latest revision as of 23:42, 1 October 2014

WebTelephony

Brief purpose of API: Make and receive phone calls

General Use Cases: None

Inherent threats:

  • Place calls to high-cost numbers.
  • Route calls through a high-cost network.
  • Direct calls through a MITM network (spying).
  • Possibly, combined with the audio API, record phone calls and touch-tone signals (account numbers?).
  • In addition, there is a high likelihood that this API will need to be controlled for legal reasons.

Threat severity: high to critical, confidential information disclosure and direct financial risk

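References:

  • WebAPI: https://wiki.mozilla.org/WebAPI/WebTelephony
  • B2G Meta telephony bug: https://bugzilla.mozilla.org/show_bug.cgi?id=699235
  • Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
  • Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/34LUf50tpKA/discussion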

{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || click on a phone number in an email or browser to dial || No direct access (access via web activities) || When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.
|-
| Installed Web Apps || As Above || No direct access (access via web activities) || As above.
|-
| Privileged Web Apps || As Above || No direct access (access via web activities) || As above.
|-
| Certified Web Apps
|
* Handler for telephony web activities
* Replacement dialer
* Voice conference software (e.g. connect VoIP with a mobile call)?
* Mediate incoming calls (accept/reject/merge)
* Query transceiver state
| Implicit
|
|}