On 2015-03-12 8:26 AM, Aryeh Gregor wrote:
> Aha, that makes a lot more sense.  Thanks.  Yes, that does seem like a
> more realistic attack.  A few points come to mind:
>
> 1) The page has no way to know whether it has persisted permissions
> without just trying, right?  If so, the user will notice something is
> weird when he gets strange permissions requests, which makes the
> attack less attractive.

FWIW there are attempts to add features to the Web platform which would let web pages query for the permissions that they have without asking for the permission. See <https://docs.google.com/document/d/12xnZ_8P6rTpcGxBHiDPPCe7AUyCar-ndg8lh2KwMYkM/edit#>.

> 2) If the only common real-world MITM threat is via a compromise
> adjacent to the client (e.g., wireless), there's no reason to restrict
> geolocation, because the attacker already knows the user's location
> fairly precisely.

I don't think that is the only common real-world attack. Other types include your traffic being intercepted by your ISP, and/or your government.

> 3) Is there any reason to not persist permissions for as long as the
> user remains on the same network (assuming we can figure that out
> reliably)?  If not, the proposal would be much less annoying, because
> in many common cases the permission would be persisted for a long time
> anyway.  Better yet, can we ask the OS whether the network is
> classified as home/work/public and only restrict the persistence for
> public networks?

That would have been a good idea if wifi attacks were the only ones.

> 4) Feasible though the attack may be, I'm not sure how likely
> attackers are to try it.  Is there some plausible profit motive here?
> Script kiddies will set up websites and portscan with botnets just for
> lulz, but a malicious wireless router requires physical presence,
> which is much riskier for the attacker.  If I compromised a public
> wireless router, I would try passively sniffing for credit card info
> in people's unencrypted webmail, or steal their login info.  Why would
> I blow my cover by trying to take pictures of them?

There have been documented cases of webcam spying victims committing suicide. And I wouldn't be surprised if there are or will be businesses based on selling people's webcam feeds. Protecting people's physical privacy is just as important as protecting their digital privacy.

Cheers,
Ehsan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
