WebAPI/Security/Wifi: Difference between revisions

From MozillaWiki
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Web Bluetooth API==
== Wifi API ==
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737
Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.
https://wiki.mozilla.org/WebAPI/WebBluetooth


Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to set up and  communicate with Bluetooth devices.  This includes setting properties on  adapters and devices, scanning for devices, bonding, and socket initialization for audio and communication.
General Use Cases: None


General Use Cases:
Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)


Inherent threats: Privacy, access to sensitive user devices, de-anonimization based on bluetooth state
Threat severity: Moderate


Threat severity: high
{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || None || No access ||
|-
| Installed Web Apps || None || No access ||
|-
| Privileged Web Apps || Wifi sniffer app || Explicit ||
|-
| Certified Web Apps || Wifi Manager || Implicit ||
|}


== Regular web content (unauthenticated) ==
[[Category:Web APIs]]
*Use cases: None
[[Category:Security]]
*Authorization model for normal content: None
*Authorization model for installed content: None
*Potential mitigations:
 
== Trusted (authenticated by publisher) ==
*Use cases: None
*Authorization model: None
*Potential mitigations:
 
== Certified (vouched for by trusted 3rd party) ==
*Use cases:
*Read bluetooth adapter state
*Start/Stop device discovery
*List discovered devices
*Pair with device
*Authorization model: Implicit
*Potential mitigations:  Status indicator showing active bluetooth connection, user can click the  status indicator to cancel the connection.  Any limit on types of devices?
 
Notes: Non-certified use cases are out of scope for 1.0.  We will consider those for a subsequent release.
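
Review bot: In the new access table, the Privileged Web Apps row ("Wifi sniffer app", Explicit) leaves the Notes & Other Controls cell empty, even though the stated inherent threat is privacy (identifying or geolocating the user from wifi characteristics), and the revision drops the "Potential mitigations" bullets the previous text carried. Suggest stating in that cell what control accompanies the explicit authorization, and reconciling "General Use Cases: None" with the two use cases the table lists (Wifi sniffer app, Wifi Manager).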

Latest revision as of 23:43, 1 October 2014

== Wifi API ==

Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.

General Use Cases: None

Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)

Threat severity: Moderate

{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || None || No access ||
|-
| Installed Web Apps || None || No access ||
|-
| Privileged Web Apps || Wifi sniffer app || Explicit ||
|-
| Certified Web Apps || Wifi Manager || Implicit ||
|}