MozillaWiki

Security/B2G/USB file-reading API

< Security‎ | B2G
Revision as of 08:21, 17 May 2012 by Ptheriault (talk | contribs)
Please use "Edit with form" above to edit this page.

Project Info

USB File Reading API
Project Page `
Next Milestone `
Security Resource `

{{#set:Component=USB File Reading API |Project=` |Milestone=` |Resource=` }}

Security Information

Status: OK
Securtiy Approved for Beta Launch?: No
Data Flow Diagram: `
Threat Model: `
Bugs: `
Security Review: `
Final Security Approval: no

{{#set:Sectrackerstatus=OK |Simpyn=No |DFD=` |TM=` |bugs=` |Secreview=` |SecTrackerFSA=no }}

Background

This feature allows to a b2g device plugged into a computer via a USB cable to be auto-mounted as a file system. Mounting happens automatically, and the entire contents of the sdcard partition are available.

Feature Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=737153 Security Review Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=751048 Wiki: Not available.

Open Questions

Is access read-only? If not, what damage could someone do by modifying files? Is this enabled by default, or by enabling a setting?

Threat Model

ID Title Threat Proposed Mitigations Threat Agent Rating Likelihood Notes Impact Notes
1 Casual data theft User has data stolen by an attacker who has limited physical access Disable mounting device while device is locked Attacker with physical access to the phone mod Requires physical device access Access sensitive data.
2 Casual data tampering User has data modified by an attacker who has limited physical access Limiting file access and permissions Attacker with physical access to the phone mod Requires physical device access Potentially make the phone non-functional
3 Data theft/tampering if device is stolen Attacker has physical possession of the phone for unlimted time, attempting to read or change devices on the phone None - an determined attacker who has the device could likely gain access to the file system regardless of this feature (e.g put the device in download mode). Encryption of the file system is the only protection against this threat, and is outside the scope of this feature. Attacker with physical access to the phone

Authorization Model

Not applicable.

Implementation Requirements

  1. Prevent USB mounting when phone is locked.
  2. Enforce permissions to prevent access to read or modify sensitive files.
  3. Provide a setting to enable/disable feature, consider disabling by default.
Retrieved from "https://wiki.allizom.org/index.php?title=Security/B2G/USB_file-reading_API&oldid=431936"