Security/Reviews/Audio Recording - Web API: Difference between revisions
(Created page with "{{SecReviewInfo |SecReview name=Audio Recording - Web API & Implementation }} {{SecReview}} {{SecReviewActionStatus |SecReview action item status=None }}") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{SecReviewInfo | {{SecReviewInfo | ||
|SecReview name=Audio Recording - Web API & Implementation | |SecReview name=Audio Recording - Web API & Implementation | ||
|SecReview target=Links: | |||
<bugzilla> | |||
{ | |||
"id":" 803414" | |||
} | |||
</bugzlla> | |||
https://bugzilla.mozilla.org/show_bug.cgi?id=803414 (Audio Recording - Web API & Implementation) | |||
The webidl for Media Recording APIhttps://dvcs.w3.org/hg/dap/raw-file/tip/media-stream-capture/RecordingProposal.html | |||
Proposal https://wiki.mozilla.org/Gecko:MediaRecorder | |||
}} | |||
{{SecReview | |||
|SecReview feature goal=reference document: | |||
https://dvcs.w3.org/hg/dap/raw-file/default/media-stream-capture/MediaRecorder.html | |||
This API is used for application can record the video/audio data and save to file system. | |||
Input:mediaStream, which come from GetUserMedia (via webRTC module), video or audio clips | |||
output: encoded blob data | |||
https://bugzilla.mozilla.org/show_bug.cgi?id=803414 | |||
- Provide access to audio buffer, opus output format | |||
* Can this be used with other APIs (e.g. <audio> element) ? | |||
** stream = <video|audioElement>.mozCaptureStreamUntilEnded() | |||
** https://dvcs.w3.org/hg/audio/raw-file/tip/webaudio/webrtc-integration.html | |||
- Does it get written to disk ? | |||
- It is not written to disk,but you can write it to disk using device storage. | |||
Compare to: https://developer.mozilla.org/en-US/docs/Introducing_the_Audio_API_Extension | |||
mozCaptureStream | |||
Timeline for feature: - 1.2, can be used in mobile | |||
On B2G project , this feature is requested by OEMs and define in audio feature | |||
https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ahey1dktsSfidFFmUTdPbXp2WTZuR3lHLTl1b09UTlE#gid=0 | |||
In mobile devices, voice recorder is a common application that allow user can record the environment sound. | |||
===Why was this solution chosen?=== | |||
follow w3c suggest DOM API | |||
- which DOM API ? | |||
https://dvcs.w3.org/hg/dap/raw-file/default/media-stream-capture/MediaRecorder.html | |||
Audio API extension already allows access to framebuffer, but this API provides an ENCODED version of the stream, so it is compressed etc, so the data provided is much smaller and ready to be stored to disk. | |||
FM Radio is NOT available to record (even by trying to access the <audio> element the FM radio is attached to). | |||
|SecReview alt solutions= | |||
|SecReview threats considered=a. un-autohorized usage: The getUserMedia API would check if application has the right to getMediaStream | |||
|SecReview threat brainstorming=- Cross-origin access to video/audio stream | |||
- maybe read cross-origin | |||
- either needs to be a permission | |||
- or some? | |||
- Hijacking an existing stream from a video or audio element and calling mozCaptureStreamUntilEnded on it? | |||
- Temporary files could be a privacy issue if not properly deleted? | |||
- Running out of memory or disk space | |||
- Access the microphone without the user knowing | |||
- doesnt increase the chance, but does increase the impact - audio bugging could be client side, or more complex? | |||
- Is there a UI part (like in the status bar) to let the user know the microphone is on? | |||
- no UI in this API, but the WebRTC gUM does. | |||
- What happens with malformed data | |||
- something to fuzz for | |||
- is the AudioApi compliant w/ CORS? or can you just read any old stream cross-origin? (the existing API, as well as the new one) | |||
-- <audio> and <video> can be access cross origin (same as above...) | |||
-- https://developer.mozilla.org/en-US/docs/JavaScript/Same_origin_policy_for_JavaScript | |||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status= | |SecReview action item status=In Progress | ||
|SecReview action items=- Pauljt::determine the threat model for WebRTC:: | |||
- Cdiehl::fuzz this API | |||
- Pauljt::Tainting audio/video elements with cross-origin audio data, so that this API fails in such cases. (ie web page should not be able to access the contents of cross-origin resources) | |||
}} | }} | ||
Revision as of 18:07, 29 April 2013
Item Reviewed
| Audio Recording - Web API & Implementation | |
| Target | Links:
<bugzilla> { "id":" 803414" } </bugzlla> https://bugzilla.mozilla.org/show_bug.cgi?id=803414 (Audio Recording - Web API & Implementation) The webidl for Media Recording APIhttps://dvcs.w3.org/hg/dap/raw-file/tip/media-stream-capture/RecordingProposal.html Proposal https://wiki.mozilla.org/Gecko:MediaRecorder |
{{#set:SecReview name=Audio Recording - Web API & Implementation |SecReview target=Links: <bugzilla> { "id":" 803414" } </bugzlla> https://bugzilla.mozilla.org/show_bug.cgi?id=803414 (Audio Recording - Web API & Implementation) The webidl for Media Recording APIhttps://dvcs.w3.org/hg/dap/raw-file/tip/media-stream-capture/RecordingProposal.html Proposal https://wiki.mozilla.org/Gecko:MediaRecorder }}
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
reference document: https://dvcs.w3.org/hg/dap/raw-file/default/media-stream-capture/MediaRecorder.html This API is used for application can record the video/audio data and save to file system. Input:mediaStream, which come from GetUserMedia (via webRTC module), video or audio clips output: encoded blob data https://bugzilla.mozilla.org/show_bug.cgi?id=803414 - Provide access to audio buffer, opus output format
- Can this be used with other APIs (e.g. <audio> element) ?
- stream = <video
What solutions/approaches were considered other than the proposed solution?
Why was this solution chosen?
`
Any security threats already considered in the design and why?
a. un-autohorized usage: The getUserMedia API would check if application has the right to getMediaStream
Threat Brainstorming
- Cross-origin access to video/audio stream
- maybe read cross-origin - either needs to be a permission - or some?
- Hijacking an existing stream from a video or audio element and calling mozCaptureStreamUntilEnded on it? - Temporary files could be a privacy issue if not properly deleted? - Running out of memory or disk space - Access the microphone without the user knowing
- doesnt increase the chance, but does increase the impact - audio bugging could be client side, or more complex?
- Is there a UI part (like in the status bar) to let the user know the microphone is on?
- no UI in this API, but the WebRTC gUM does.
- What happens with malformed data
- something to fuzz for
- is the AudioApi compliant w/ CORS? or can you just read any old stream cross-origin? (the existing API, as well as the new one) -- <audio> and <video> can be access cross origin (same as above...) -- https://developer.mozilla.org/en-US/docs/JavaScript/Same_origin_policy_for_JavaScript {{#set: SecReview feature goal=reference document: https://dvcs.w3.org/hg/dap/raw-file/default/media-stream-capture/MediaRecorder.html This API is used for application can record the video/audio data and save to file system. Input:mediaStream, which come from GetUserMedia (via webRTC module), video or audio clips output: encoded blob data https://bugzilla.mozilla.org/show_bug.cgi?id=803414 - Provide access to audio buffer, opus output format
- Can this be used with other APIs (e.g. <audio> element) ?
- stream = <video
|SecReview alt solutions= |SecReview solution chosen=' |SecReview threats considered=a. un-autohorized usage: The getUserMedia API would check if application has the right to getMediaStream |SecReview threat brainstorming=- Cross-origin access to video/audio stream
- maybe read cross-origin - either needs to be a permission - or some?
- Hijacking an existing stream from a video or audio element and calling mozCaptureStreamUntilEnded on it? - Temporary files could be a privacy issue if not properly deleted? - Running out of memory or disk space - Access the microphone without the user knowing
- doesnt increase the chance, but does increase the impact - audio bugging could be client side, or more complex?
- Is there a UI part (like in the status bar) to let the user know the microphone is on?
- no UI in this API, but the WebRTC gUM does.
- What happens with malformed data
- something to fuzz for
- is the AudioApi compliant w/ CORS? or can you just read any old stream cross-origin? (the existing API, as well as the new one) -- <audio> and <video> can be access cross origin (same as above...) -- https://developer.mozilla.org/en-US/docs/JavaScript/Same_origin_policy_for_JavaScript }}
Action Items
| Action Item Status | In Progress |
| Release Target | ` |
| Action Items | |
| - Pauljt::determine the threat model for WebRTC::
- Cdiehl::fuzz this API - Pauljt::Tainting audio/video elements with cross-origin audio data, so that this API fails in such cases. (ie web page should not be able to access the contents of cross-origin resources) |
|
{{#set:|SecReview action item status=In Progress
|Feature version=` |SecReview action items=- Pauljt::determine the threat model for WebRTC:: - Cdiehl::fuzz this API - Pauljt::Tainting audio/video elements with cross-origin audio data, so that this API fails in such cases. (ie web page should not be able to access the contents of cross-origin resources) }}