Security/WebAPI/Web Telephony: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 13: Line 13:
}}
}}
[[Category:WebApi]]
[[Category:WebApi]]
===Background===
Goals
* allow web content to dial out
*allow content to mediate incoming calls (accept/reject/merge) *allow content to query transceiver state
Bug:
*B2G Meta telephony bug https://bugzilla.mozilla.org/show_bug.cgi?id=699235
*Web Telephony meta bug:  https://bugzilla.mozilla.org/show_bug.cgi?id=674726
Articles:
*http://hacks.mozilla.org/2012/03/webtelephony-api-and-websms-api-part-of-webapi/
*Detailed code walkthrough for receive call case: https://wiki.mozilla.org/B2G/Architecture#RIL:_Telephony
Changeset
*https://hg.mozilla.org/integration/mozilla-inbound/rev/bac673bc7211
Source:
*http://mxr.mozilla.org/mozilla-central/source/dom/telephony/
*https://github.com/mozilla-b2g/android-hardware-ril/blob/master/include/telephony/ril.h
===Data Flow Diagram===
TDB
{|
|ID||Title||Threat||Proposed Mitigations||Threat Agent||Rating||Likelihood||Notes||Impact||Notes
|-
|1||Unauthorized content accesses the Web Telephony API||A web page or web app accesses the Telephony API with having the valid permissions or requirements ||\* App Permissions Model will enforce which apps can access which APIs
\* B2G security model will enforce permissions model at a process level (ie less privileged process not allowed to send IPDL messages even if permissions check fails at an API level)||Malicious web content||||Requires a bug in broader browser security model||||||\* Place unauthorized calls, cost the user money, make spam phone calls
\* Use phone a bugging device, breach user privacy
\* probably would have broader implications
|-
|2||Attack from radio network||Malicious service provider or attacker with ability to inject radio packets could attack the web telephony stack.||\* Code review
\* Fuzzing
||Malicious service provider or attacker with ability to inject radio packets||||||||||
|-
|3||Bug in Web Telephony stack leads to code execution vulnerability ||A web page could supply malicious data to an API, triggering an exploitable crash.||\* Code review
\* Fuzzing
\* Limiting access to API||Malicious web content||||||||||\*Dangerous since it involves privileged code
|-
|3||Content spoofing phones dialer app||Webpage or app masquerades as the dialer for a complex phishing attack||\*Sort of a broader B2G issue (all apps could be spoofed)
\* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content||||||||||
|-
|4||Content framing the dialer app||If content could frame the dialer app, or load it in a manner where it was obscured, malicious content might be able to induce the user to make a call.||\* Broader B2G issue
\* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content||||||||||
|-
|}

Revision as of 07:12, 5 April 2012

Please use "Edit with form" above to edit this page.

Project Info

Web Telephony
Project Page https://wiki.mozilla.org/WebAPI/WebTelephony
Next Milestone Target Milestone: --- → mozilla12
Security Resource Paul Theriault

{{#set:Component=Web Telephony |Project=https://wiki.mozilla.org/WebAPI/WebTelephony |Milestone=Target Milestone: --- → mozilla12 |Resource=Paul Theriault }}

Security Information

Status: OK
Securtiy Approved for Beta Launch?: No
Data Flow Diagram: `
Threat Model: `
Bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
Security Review: `
Final Security Approval: no

{{#set:Sectrackerstatus=OK |Simpyn=No |DFD=` |TM=` |bugs=https://bugzilla.mozilla.org/show_bug.cgi?id=674726 |Secreview=` |SecTrackerFSA=no }}

Background

Goals

  • allow web content to dial out
  • allow content to mediate incoming calls (accept/reject/merge) *allow content to query transceiver state


Bug:

Articles:

Changeset


Source:

Data Flow Diagram

TDB


ID Title Threat Proposed Mitigations Threat Agent Rating Likelihood Notes Impact Notes
1 Unauthorized content accesses the Web Telephony API A web page or web app accesses the Telephony API with having the valid permissions or requirements \* App Permissions Model will enforce which apps can access which APIs

\* B2G security model will enforce permissions model at a process level (ie less privileged process not allowed to send IPDL messages even if permissions check fails at an API level)||Malicious web content||||Requires a bug in broader browser security model||||||\* Place unauthorized calls, cost the user money, make spam phone calls \* Use phone a bugging device, breach user privacy \* probably would have broader implications

2 Attack from radio network Malicious service provider or attacker with ability to inject radio packets could attack the web telephony stack. \* Code review

\* Fuzzing

Malicious service provider or attacker with ability to inject radio packets
3 Bug in Web Telephony stack leads to code execution vulnerability A web page could supply malicious data to an API, triggering an exploitable crash. \* Code review

\* Fuzzing \* Limiting access to API||Malicious web content||||||||||\*Dangerous since it involves privileged code

3 Content spoofing phones dialer app Webpage or app masquerades as the dialer for a complex phishing attack \*Sort of a broader B2G issue (all apps could be spoofed)

\* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content||||||||||

4 Content framing the dialer app If content could frame the dialer app, or load it in a manner where it was obscured, malicious content might be able to induce the user to make a call. \* Broader B2G issue

\* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content||||||||||

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/WebAPI/Web_Telephony&oldid=416761"