Project Info
| Web Telephony | |
| Project Page | https://wiki.mozilla.org/WebAPI/WebTelephony |
| Next Milestone | Target Milestone: --- → mozilla12 |
| Security Resource | Paul Theriault |
Security Information
| Status: | OK |
| Security Approved for Beta Launch?: | No |
| Data Flow Diagram: | ` |
| Threat Model: | ` |
| Bugs: | https://bugzilla.mozilla.org/show_bug.cgi?id=674726 |
| Security Review: | ` |
| Final Security Approval: | no |
Background
- Goals
- allow web content to dial out
- allow content to mediate incoming calls (accept/reject/merge)
- allow content to query transceiver state
- Bugs:
- B2G Meta telephony bug https://bugzilla.mozilla.org/show_bug.cgi?id=699235
- Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
- Articles:
- WebAPI Intro: http://hacks.mozilla.org/2012/03/webtelephony-api-and-websms-api-part-of-webapi/
- Detailed code walkthrough: https://wiki.mozilla.org/B2G/Architecture#RIL:_Telephony (some code links out of date, see code links below)
- Changeset for parts on M-C
- Source:
Data Flow Diagram
TBD
Threat Model
| ID | Title | Threat | Proposed Mitigations | Threat Agent | Rating | Likelihood | Notes | Impact | Notes |
| 1 | Unauthorized content accesses the Web Telephony API | A web page or web app accesses the Telephony API without having the valid permissions or requirements | App Permissions Model will enforce which apps can access which APIs; B2G security model will enforce permissions model at a process level (i.e. less privileged process not allowed to send IPDL messages even if permissions check fails at an API level) | Malicious web content | | Requires a bug in broader browser security model | | | Place unauthorized calls, cost the user money, make spam phone calls; use phone as a bugging device, breach user privacy; probably would have broader implications |
| 2 | Attack from radio network | Malicious service provider or attacker with ability to inject radio packets could attack the web telephony stack. | Code review; fuzzing | Malicious service provider or attacker with ability to inject radio packets | | | | | |
| 3 | Bug in Web Telephony stack leads to code execution vulnerability | A web page could supply malicious data to an API, triggering an exploitable crash. | Code review; fuzzing; limiting access to API | Malicious web content | | | | | Dangerous since it involves privileged code |
| 3 | Content spoofing phone's dialer app | Webpage or app masquerades as the dialer for a complex phishing attack | Sort of a broader B2G issue (all apps could be spoofed); only high-privileged content process will have access to send dialer IPDL messages | Malicious web content | | | | | |
| 4 | Content framing the dialer app | If content could frame the dialer app, or load it in a manner where it was obscured, malicious content might be able to induce the user to make a call. | Broader B2G issue; only high-privileged content process will have access to send dialer IPDL messages | Malicious web content | | | | | |