Security/Reviews/Audio Recording - Web API

From MozillaWiki

Item Reviewed

Audio Recording - Web API & Implementation
Target Links: Full Query
ID Summary Priority Status
803414 Media Recording - Web API & Implementation -- VERIFIED

1 Total; 0 Open (0%); 0 Resolved (0%); 1 Verified (100%);

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=803414 (Audio Recording - Web API & Implementation)

The WebIDL for the Media Recording API: https://dvcs.w3.org/hg/dap/raw-file/tip/media-stream-capture/RecordingProposal.html

Proposal: https://wiki.mozilla.org/Gecko:MediaRecorder

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

Reference document: https://dvcs.w3.org/hg/dap/raw-file/default/media-stream-capture/MediaRecorder.html

This API lets an application record video/audio data and save it to the file system.

Input: MediaStream, which comes from getUserMedia (via the WebRTC module), video or audio clips
Output: encoded blob data

https://bugzilla.mozilla.org/show_bug.cgi?id=803414 - Provide access to audio buffer, opus output format

  • Can this be used with other APIs (e.g. <audio> element) ?
    • stream = <video

What solutions/approaches were considered other than the proposed solution?

Why was this solution chosen?

Any security threats already considered in the design and why?

a. Unauthorized usage: the getUserMedia API would check whether the application has the right to get a MediaStream

Threat Brainstorming

- Cross-origin access to video/audio stream

   - maybe read cross-origin
   - either needs to be a permission
   - or some?

- Hijacking an existing stream from a video or audio element and calling mozCaptureStreamUntilEnded on it?

- Temporary files could be a privacy issue if not properly deleted?

- Running out of memory or disk space

- Access the microphone without the user knowing

   - doesn't increase the chance, but does increase the impact
   - audio bugging could be client side, or more complex?

- Is there a UI part (like in the status bar) to let the user know the microphone is on?

   - no UI in this API, but the WebRTC gUM does.

- What happens with malformed data

   - something to fuzz for    

- Is the Audio API compliant with CORS? Or can you just read any old stream cross-origin? (the existing API, as well as the new one)

   - <audio> and <video> can be accessed cross-origin (same as above...)
   - https://developer.mozilla.org/en-US/docs/JavaScript/Same_origin_policy_for_JavaScript

Action Items

Action Item Status: In Progress
Release Target:
Action Items
- Pauljt: determine the threat model for WebRTC

- Cdiehl: fuzz this API

- Pauljt: Tainting audio/video elements with cross-origin audio data, so that this API fails in such cases (i.e. a web page should not be able to access the contents of cross-origin resources)
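
The tainting rule from the last action item, modeled as an added example (it is not Gecko's implementation and not code from this review): a captured stream is marked tainted unless its media resource is same-origin or passed a CORS check, and the recorder fails on tainted input. All function names, fields, origins and URLs below are hypothetical.

```javascript
// Model of the proposed tainting rule; all names here are hypothetical.
// True if the page may read the media resource: same origin, or a
// cross-origin load that opted into CORS and passed the check.
function isCorsSameOrigin(pageOrigin, el) {
  if (new URL(el.src).origin === pageOrigin) return true;
  if (el.crossOrigin === null) return false; // no-cors load is opaque
  const h = el.responseHeaders;
  const acao = h["access-control-allow-origin"];
  if (el.crossOrigin === "use-credentials") {
    // Credentialed CORS: "*" is not accepted, credentials must be allowed.
    return acao === pageOrigin && h["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin; // anonymous CORS
}

// A captured stream carries a taint flag derived from its source element.
function captureStream(pageOrigin, el) {
  return { source: el.src, tainted: !isCorsSameOrigin(pageOrigin, el) };
}

// The recorder fails closed: tainted input never yields encoded data.
function startRecording(stream) {
  if (stream.tainted) {
    const err = new Error("stream contains cross-origin data");
    err.name = "SecurityError";
    throw err;
  }
  return "recording";
}

// Returns "recording", or the name of the error the recorder threw.
function tryRecord(pageOrigin, el) {
  try { return startRecording(captureStream(pageOrigin, el)); }
  catch (e) { return e.name; }
}

// Constructed sample elements (origins and URLs are made up).
const mediaEl = (src, crossOrigin, responseHeaders = {}) => ({ src, crossOrigin, responseHeaders });
const PAGE = "https://app.example";
const SAMPLES = {
  sameOrigin: mediaEl("https://app.example/a.ogg", null),
  noCors: mediaEl("https://cdn.example/b.ogg", null, { "access-control-allow-origin": "*" }),
  corsOk: mediaEl("https://cdn.example/c.ogg", "anonymous", { "access-control-allow-origin": "*" }),
  credWildcard: mediaEl("https://cdn.example/d.ogg", "use-credentials", {
    "access-control-allow-origin": "*", "access-control-allow-credentials": "true" }),
};
for (const [name, e] of Object.entries(SAMPLES)) console.log(name, tryRecord(PAGE, e));
```

The noCors sample is the case the review worries about: the server's permissive header does not matter, because the element never requested a CORS load.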
