WebAPI/Security/MobileConnection: Difference between revisions
No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
Line 1: | Line 1: | ||
== Mobile Connection API == | |||
Brief purpose of API: This exposes information about the current mobile voice and data connection to (certain) HTML content. | Brief purpose of API: This exposes information about the current mobile voice and data connection to (certain) HTML content. | ||
Line 22: | Line 17: | ||
Threat severity: High | Threat severity: High | ||
References: | |||
*https://wiki.mozilla.org/WebAPI/WebMobileConnection | |||
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/WKMpHavP9-Y/discussion | |||
{| border="1" class="wikitable" | |||
! Type | |||
! Use Cases | |||
! Authorization Model | |||
! Notes & Other Controls | |||
|- | |||
| Web Content || None || No access | |||
|- | |||
| Installed Web Apps || None || No access | |||
|- | |||
| Privileged Web Apps || None || No access | |||
|- | |||
| Certified Web Apps || Telephone status UI || Implicit | |||
|} | |||
==Notes== | === Notes === | ||
Some radio feature are also accessible via Settings API | Some radio feature are also accessible via Settings API | ||
__NOTOC__ | __NOTOC__ |
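Review bot: the four table rows added in this hunk each supply only three cells against a four-column header, so "Notes & Other Controls" is empty for every app type. For the Certified Web Apps row, where the authorization model is "Implicit" on an API marked "Threat severity: High", either fill that column with the control that justifies implicit access or drop the column. The line "Some radio feature are also accessible via Settings API" is carried over unchanged on both sides and could be corrected to "features" while the Notes heading above it is being edited.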
Revision as of 13:34, 24 September 2012
Mobile Connection API
Brief purpose of API: This exposes information about the current mobile voice and data connection to (certain) HTML content.
Use Cases: The primary use case for this is the status bar of the main phone UI.
Inherent threats: Access to sensitive information such as:
- ICC-related (SIM/RUIM card)
  - own phone number and other ICC I/O related features
  - entering PIN, PIN2, PUK, PUK2 to unlock various states of the SIM card. Entering the PIN isn't *that* exotic, actually. Some carriers deliver their SIM cards with the PIN lock enabled, for instance.
  - changing the PIN (also serves as enabling/disabling the PIN lock.)
- device-related
  - get IMEI, IMEISV
  - depersonalize (remove network lock)
- baseband-related information and features
Threat severity: High
References:
- https://wiki.mozilla.org/WebAPI/WebMobileConnection
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/WKMpHavP9-Y/discussion
Type | Use Cases | Authorization Model | Notes & Other Controls |
---|---|---|---|
Web Content | None | No access | |
Installed Web Apps | None | No access | |
Privileged Web Apps | None | No access | |
Certified Web Apps | Telephone status UI | Implicit | |
Notes
Some radio features are also accessible via the Settings API.