Security/WebAPI/Web Telephony: Difference between revisions

From MozillaWiki
No edit summary (both revisions)

Revision comparison (context lines that are identical in both revisions are shown once):

Line 18 (old) / Line 18 (new):
* allow web content to dial out
* allow content to mediate incoming calls (accept/reject/merge)
* allow content to query transceiver state

Bug:

Line 27 (old) / Line 25 (new):
* http://hacks.mozilla.org/2012/03/webtelephony-api-and-websms-api-part-of-webapi/
* Detailed code walkthrough for the receive-call case: https://wiki.mozilla.org/B2G/Architecture#RIL:_Telephony
Changeset
* https://hg.mozilla.org/integration/mozilla-inbound/rev/bac673bc7211
Source:
* http://mxr.mozilla.org/mozilla-central/source/dom/telephony/

Line 40 (old) / Line 34 (new):
TBD

===Threat Model===

{|
Revision as of 07:13, 5 April 2012


Project Info

Web Telephony
Project Page https://wiki.mozilla.org/WebAPI/WebTelephony
Next Milestone Target Milestone: --- → mozilla12
Security Resource Paul Theriault


Security Information

Status: OK
Security Approved for Beta Launch?: No
Data Flow Diagram: (not provided)
Threat Model: (not linked; see the inline table below)
Bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
Security Review: (not provided)
Final Security Approval: no


Background

Goals

  • allow web content to dial out
  • allow content to mediate incoming calls (accept/reject/merge)
  • allow content to query transceiver state

Bug:

Articles:

  • http://hacks.mozilla.org/2012/03/webtelephony-api-and-websms-api-part-of-webapi/
  • Detailed code walkthrough for the receive-call case: https://wiki.mozilla.org/B2G/Architecture#RIL:_Telephony

Changeset:

  • https://hg.mozilla.org/integration/mozilla-inbound/rev/bac673bc7211

Source:

  • http://mxr.mozilla.org/mozilla-central/source/dom/telephony/

Data Flow Diagram

TBD

Threat Model

Columns: ID, Title, Threat, Proposed Mitigations, Threat Agent, Rating, Likelihood, Notes, Impact, Impact Notes. The Rating, Likelihood and Impact cells are blank for every row in this revision.

ID 1: Unauthorized content accesses the Web Telephony API
Threat: A web page or web app accesses the Telephony API without having the required permissions.
Proposed Mitigations:
  • App Permissions Model will enforce which apps can access which APIs
  • B2G security model will enforce the permissions model at the process level (i.e. a less privileged process is not allowed to send the telephony IPDL messages at all, even if the API-level permission check is bypassed)
Threat Agent: Malicious web content
Notes: Requires a bug in the broader browser security model
Impact Notes:
  • Place unauthorized calls, cost the user money, make spam phone calls
  • Use the phone as a bugging device, breach user privacy
  • Probably would have broader implications

ID 2: Attack from radio network
Threat: A malicious service provider, or an attacker with the ability to inject radio packets, could attack the web telephony stack.
Proposed Mitigations:
  • Code review
  • Fuzzing
Threat Agent: Malicious service provider or attacker with the ability to inject radio packets

ID 3: Bug in Web Telephony stack leads to code execution vulnerability
Threat: A web page could supply malicious data to an API, triggering an exploitable crash.
Proposed Mitigations:
  • Code review
  • Fuzzing
  • Limiting access to the API
Threat Agent: Malicious web content
Impact Notes: Dangerous since it involves privileged code

ID 4: Content spoofing the phone's dialer app
Threat: A web page or app masquerades as the dialer for a complex phishing attack.
Proposed Mitigations:
  • Sort of a broader B2G issue (all apps could be spoofed)
  • Only the high-privileged content process will have access to send dialer IPDL messages
Threat Agent: Malicious web content

ID 5: Content framing the dialer app
Threat: If content could frame the dialer app, or load it in a manner where it was obscured, malicious content might be able to induce the user to make a call.
Proposed Mitigations:
  • Broader B2G issue
  • Only the high-privileged content process will have access to send dialer IPDL messages
Threat Agent: Malicious web content
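The two-layer enforcement that the mitigations for threats 1, 4 and 5 rely on (an app-permission check at the API, and an independent process-level check where the parent process receives the IPDL message) is easier to reason about as code. The block below is an added illustrative model written for this page; it is not Gecko or B2G code. The privilege levels, the permission registry, the process table, the Dial message shape and the number format check are all assumptions made for the example.

```javascript
// Added illustrative model, not Gecko or B2G code. It shows the two-layer
// enforcement proposed for threat 1: an API-level permission check in the
// content process, plus an independent process-level check where the parent
// process receives the IPDL message. All names, the permission registry and
// the process table below are constructed assumptions for the example.

// Assumed process privilege levels, lowest to highest.
const PRIVILEGE_RANK = { web: 0, privileged: 1, certified: 2 };

// Constructed app permission registry: origin -> { telephony permission }.
const APP_PERMISSIONS = {
  "app://dialer.example": { telephony: true },
  "https://attacker.example": { telephony: false },
};

// Constructed table of running content processes, kept by the parent process:
// process id -> { origin it hosts, privilege level it was launched with }.
const CONTENT_PROCESSES = {
  1: { origin: "app://dialer.example", privilege: "certified" },
  2: { origin: "https://attacker.example", privilege: "web" },
};

// Minimum privilege assumed for a process to send telephony IPDL messages.
const TELEPHONY_MIN_PRIVILEGE = "certified";

// Layer 2: handler in the parent process for the (hypothetical) Dial IPDL
// message. It trusts nothing the sender claims about itself; it looks the
// sender up by process id and re-derives origin and privilege from its own table.
function parentHandleDial(msg) {
  const proc = CONTENT_PROCESSES[msg.senderPid];
  if (!proc) {
    return { ok: false, reason: "parent: unknown sender process" };
  }
  if (PRIVILEGE_RANK[proc.privilege] < PRIVILEGE_RANK[TELEPHONY_MIN_PRIVILEGE]) {
    return { ok: false, reason: "parent: process privilege too low for telephony IPDL" };
  }
  const perms = APP_PERMISSIONS[proc.origin];
  if (!perms || !perms.telephony) {
    return { ok: false, reason: "parent: origin lacks telephony permission" };
  }
  // Assumed payload sanity check at the trust boundary (threat 3: malicious
  // data supplied to an API). Accepts an optional '+' followed by 1 to 20
  // digits, '*' or '#' characters; anything else is rejected before it
  // reaches privileged code.
  if (typeof msg.number !== "string" || !/^\+?[0-9*#]{1,20}$/.test(msg.number)) {
    return { ok: false, reason: "parent: malformed number" };
  }
  return { ok: true, dialed: msg.number };
}

// Layer 1: API-level check in the content process, e.g. behind a dial()
// entry point. On success it forwards the request to the parent process,
// which checks again on its own terms.
function contentApiDial(pid, number) {
  const proc = CONTENT_PROCESSES[pid];
  const perms = proc && APP_PERMISSIONS[proc.origin];
  if (!perms || !perms.telephony) {
    return { ok: false, reason: "api: telephony permission denied" };
  }
  return parentHandleDial({ senderPid: pid, number });
}

// A compromised web-content process that skips layer 1 entirely and forges
// the IPDL message directly. The parent-side privilege check is what stops it.
function forgedDialFromWebContent(number) {
  return parentHandleDial({ senderPid: 2, number });
}
```

The point is the one the mitigation column makes: a web-content process that has tampered with its own API-level check still cannot reach the radio, because the parent rejects the message on the sender's kernel-assigned identity and privilege rather than on anything the sender claims. The payload check is an addition here and not one of the page's listed mitigations.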