Name of API: Web Telephony
References: https://wiki.mozilla.org/WebAPI/WebTelephony
* B2G Meta telephony bug: https://bugzilla.mozilla.org/show_bug.cgi?id=699235
* Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726

Brief purpose of API: Make and receive phone calls
General Use Cases: None

Inherent threats:
* Place calls to high cost numbers
* Route calls through high cost network
* Direct calls through MITM network (spying)
* Possibly with audio API, record phone calls, record touch tone signals (account numbers?)
* In addition, there is a high likelihood that this API will need to be controlled for legal reasons.

Threat severity: high to critical, confidential information disclosure and direct financial risk

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: click on a phone number in an email or browser to dial
Authorization model for uninstalled web content: explicit (OS mediated)
Authorization model for installed web content: explicit (OS mediated)
Potential mitigations: When user clicks on a phone number, the OS pops up a prompt asking the user to confirm before dialing

== Trusted (authenticated by publisher) ==
Use cases for authenticated code:
* Fun dialers (e.g. rotary dialer)
Authorization model: explicit
Potential mitigations:
* UI indication (e.g. small blinking phone icon in the top of the screen or status bar) which cannot be hidden when a call is active, and which the user can interact with to manage the call

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:
* Replacement dialer
* Voice conference software (e.g. connect VoIP with a mobile call)?
* Mediate incoming calls (accept/reject/merge)
* Query transceiver state
Authorization model: implicit
Potential mitigations: none