WebAPI/Security/WebTelephony: Difference between revisions

Name of API: WebTelephony

Brief purpose of API: Make and receive phone calls

• WebAPI: https://wiki.mozilla.org/WebAPI/WebTelephony
• B2G Meta telephony bug: https://bugzilla.mozilla.org/show_bug.cgi?id=699235
• Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
• Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/34LUf50tpKA/discussion

General Use Cases: None

Inherent threats:

• Place calls to high cost numbers,
• Route calls through high cost network,
• Direct calls through MITM network (spying).
• Possibly with audio API, record phone calls, record touch tone signals (account numbers?).
• In addition, there is a high likelihood that this API will need to be controlled for legal reasons.

Threat severity: high to critical, confidential information disclosure and direct financial risk

Regular web content (unauthenticated)

Use cases for unauthenticated code: click on a phone number in an email or browser to dial

Authorization model for uninstalled web content: Explicit via web activities

Authorization model for installed web content: Explicit via web activities

Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.

Privileged (approved by app store)

Use cases for authenticated code: As per regular web app.

Authorization model: Explicit (web activities)

Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.

Certified (system-critical applications)

Use cases for certified code:

• Handler for telephony web activities
• Replacement dialer
• Voice conference software (e.g. connect Voip with a mobile call)?
• Mediate incoming calls (accept/reject/merge)
• Query transceiver state

Authorization model: Implicit

Potential mitigations: None