WebAPI/Security/WebTelephony: Difference between revisions
mNo edit summary |
|||
| Line 22: | Line 22: | ||
Use cases for unauthenticated code: click on a phone number in an email or browser to dial | Use cases for unauthenticated code: click on a phone number in an email or browser to dial | ||
Authorization model for uninstalled web content: | Authorization model for uninstalled web content: Explicit (web activities) | ||
Authorization model for installed web content: | Authorization model for installed web content: Explicit (web activities) | ||
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | ||
| Line 31: | Line 31: | ||
Use cases for authenticated code: As per regular web app. | Use cases for authenticated code: As per regular web app. | ||
Authorization model: | Authorization model: Explicit (web activities) | ||
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | ||
| Line 43: | Line 43: | ||
* Query transceiver state | * Query transceiver state | ||
Authorization model: | Authorization model: Implicit | ||
Potential mitigations: | Potential mitigations: None | ||
Revision as of 21:01, 6 August 2012
Name of API: WebTelephony
Brief purpose of API: Make and receive phone calls
- WebAPI: https://wiki.mozilla.org/WebAPI/WebTelephony
- B2G Meta telephony bug: https://bugzilla.mozilla.org/show_bug.cgi?id=699235
- Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/34LUf50tpKA/discussion
General Use Cases: None
Inherent threats:
- Place calls to high cost numbers,
- Route calls through high cost network,
- Direct calls through MITM network (spying).
- Possibly with audio API, record phone calls, record touch tone signals (account numbers?).
- In addition, there is a high likelihood that this API will need to be controlled for legal reasons.
Threat severity: high to critical, confidential information disclosure and direct financial risk
Regular web content (unauthenticated)
Use cases for unauthenticated code: click on a phone number in an email or browser to dial
Authorization model for uninstalled web content: Explicit (web activities)
Authorization model for installed web content: Explicit (web activities)
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.
Privileged (authenticated by publisher)
Use cases for authenticated code: As per regular web app.
Authorization model: Explicit (web activities)
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.
Certified (vouched for by trusted 3rd party)
Use cases for certified code:
- Handler for telephony web activities
- Replacement dialer
- Voice conference software (e.g. connect Voip with a mobile call)?
- Mediate incoming calls (accept/reject/merge)
- Query transceiver state
Authorization model: Implicit
Potential mitigations: None