WebAPI/Security/Wifi: Difference between revisions

From MozillaWiki
No edit summary
(Had the wrong page in here (bluetooth))
Line 1: Line 1:
==Web Bluetooth API==
Name of API: Wifi API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737
Reference: http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1
https://wiki.mozilla.org/WebAPI/WebBluetooth


Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to set up and  communicate with Bluetooth devicesThis includes setting properties on  adapters and devices, scanning for devices, bonding, and socket initialization for audio and communication.
Brief purpose of API: Read wifi network information (read-only)All network changes should go through settings API.
General Use Cases: None


General Use Cases:
Inherent threats: Privacy(identify user, geolocation,  based on wifi characteristics)


Inherent threats: Privacy, access to sensitive user devices, de-anonimization based on bluetooth state
Threat severity: Moderate
 
Threat severity: high


== Regular web content (unauthenticated) ==
== Regular web content (unauthenticated) ==
*Use cases: None
*Use cases for unauthenticated code:None
*Authorization model for normal content: None
*Authorization model for normal content:
*Authorization model for installed content: None
*Authorization model for installed content:
*Potential mitigations:
*Potential mitigations:


== Trusted (authenticated by publisher) ==
== Trusted (authenticated by publisher) ==
*Use cases: None
*Use cases for authenticated code:
*Authorization model: None
** Wifi sniffer app
*Potential mitigations:
*Use cases for trusted code: Explicit
*Potential mitigations:


== Certified (vouched for by trusted 3rd party) ==
== Certified (vouched for by trusted 3rd party) ==
*Use cases:
*Use cases for certified code: Wifi Manager
*Read bluetooth adapter state
*Start/Stop device discovery
*List discovered devices
*Pair with device
*Authorization model: Implicit
*Authorization model: Implicit
*Potential mitigations: Status indicator showing active bluetooth connection, user can click the  status indicator to cancel the connection.  Any limit on types of devices?
*Potential mitigations:
 
Notes: Non-certified use cases are out of scope for 1.0.  We will consider those for a subsequent release.
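
Review bot: In the Trusted section, the added line "*Use cases for trusted code: Explicit" appears to put an authorization model value under a use-case label. "Explicit" parallels "Authorization model: Implicit" in the Certified section, and the removed "*Authorization model: None" has no replacement, so the section ends up with two use-case fields and no authorization model; suggest "*Authorization model: Explicit". Separately, "*Potential mitigations:" is left empty in all three sections even though the stated threat is identifying or geolocating the user from wifi characteristics; the Trusted "Wifi sniffer app" case in particular should list a mitigation or an explicit "None".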

Revision as of 22:07, 30 July 2012

Name of API: Wifi API

Reference: http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1

Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.

General Use Cases: None

Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)

Threat severity: Moderate

Regular web content (unauthenticated)

  • Use cases for unauthenticated code: None
  • Authorization model for normal content:
  • Authorization model for installed content:
  • Potential mitigations:

Trusted (authenticated by publisher)

  • Use cases for authenticated code:
    • Wifi sniffer app
  • Use cases for trusted code: Explicit
  • Potential mitigations:

Certified (vouched for by trusted 3rd party)

  • Use cases for certified code: Wifi Manager
  • Authorization model: Implicit
  • Potential mitigations: