WebAPI/Security/Wifi

From MozillaWiki
< WebAPI‎ | Security
Revision as of 22:07, 30 July 2012 by Ladamski (talk | contribs) (Had the wrong page in here (bluetooth))
Jump to navigation Jump to search

Name of API: Wifi API Reference: http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1

Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API. General Use Cases: None

Inherent threats: Privacy(identify user, geolocation, based on wifi characteristics)

Threat severity: Moderate

Regular web content (unauthenticated)

  • Use cases for unauthenticated code:None
  • Authorization model for normal content:
  • Authorization model for installed content:
  • Potential mitigations:

Trusted (authenticated by publisher)

  • Use cases for authenticated code:
    • Wifi sniffer app
  • Use cases for trusted code: Explicit
  • Potential mitigations:

Certified (vouched for by trusted 3rd party)

  • Use cases for certified code: Wifi Manager
  • Authorization model: Implicit
  • Potential mitigations: