canmove, Confirmed users
1,220
edits
Security/WebAPI/Web Telephony: Difference between revisions
Jump to navigation
Jump to search
Undo revision 416768 by Ptheriault (talk)
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) (Undo revision 416768 by Ptheriault (talk)) |
||
| Line 15: | Line 15: | ||
===Background=== | ===Background=== | ||
Goals | |||
* allow web content to dial out | |||
*allow content to mediate incoming calls (accept/reject/merge) *allow content to query transceiver state | |||
Bug: | |||
*B2G Meta telephony bug https://bugzilla.mozilla.org/show_bug.cgi?id=699235 | |||
*Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726 | |||
* | Articles: | ||
*http://hacks.mozilla.org/2012/03/webtelephony-api-and-websms-api-part-of-webapi/ | |||
*Detailed code walkthrough for receive call case: https://wiki.mozilla.org/B2G/Architecture#RIL:_Telephony | |||
Changeset | |||
*https://hg.mozilla.org/integration/mozilla-inbound/rev/bac673bc7211 | |||
Source: | |||
*http://mxr.mozilla.org/mozilla-central/source/dom/telephony/ | |||
*https://github.com/mozilla-b2g/android-hardware-ril/blob/master/include/telephony/ril.h | |||
===Data Flow Diagram=== | ===Data Flow Diagram=== | ||
| Line 34: | Line 35: | ||
===Threat Model=== | ===Threat Model=== | ||
{| border="1" class="fullwidth-table sortable" | |||
|ID||Title||Threat||Proposed Mitigations||Threat Agent||Rating||Likelihood||Notes||Impact||Notes | |||
|- | |||
|1||Unauthorized content accesses the Web Telephony API||A web page or web app accesses the Telephony API with having the valid permissions or requirements ||\* App Permissions Model will enforce which apps can access which APIs | |||
\* B2G security model will enforce permissions model at a process level (ie less privileged process not allowed to send IPDL messages even if permissions check fails at an API level)||Malicious web content||||Requires a bug in broader browser security model||||||\* Place unauthorized calls, cost the user money, make spam phone calls | |||
\* Use phone a bugging device, breach user privacy | |||
\* probably would have broader implications | |||
|- | |||
|2||Attack from radio network||Malicious service provider or attacker with ability to inject radio packets could attack the web telephony stack.||\* Code review | |||
\* Fuzzing | |||
||Malicious service provider or attacker with ability to inject radio packets|||||||||| | |||
|- | |||
|3||Bug in Web Telephony stack leads to code execution vulnerability ||A web page could supply malicious data to an API, triggering an exploitable crash.||\* Code review | |||
\* Fuzzing | |||
\* Limiting access to API||Malicious web content||||||||||\*Dangerous since it involves privileged code | |||
|- | |||
|3||Content spoofing phones dialer app||Webpage or app masquerades as the dialer for a complex phishing attack||\*Sort of a broader B2G issue (all apps could be spoofed) | |||
\* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content|||||||||| | |||
|- | |||
|4||Content framing the dialer app||If content could frame the dialer app, or load it in a manner where it was obscured, malicious content might be able to induce the user to make a call.||\* Broader B2G issue | |||
\* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content|||||||||| | |||
|- | |||
|} | |||