WebAPI Security Discussion: Web SMS API

Wed, 18 Apr 2012 18:21:19 -0700 

Updated proposal per comments.  Looking to close this out unless there are 
further concerns or discussions in the next 48 hours or so.

Name of API: Web SMS API
References: https://bugzilla.mozilla.org/show_bug.cgi?id=674725

Brief purpose of API: Send and recieve SMS messages
General Use Cases: None

Inherent threats: 
* Sending an SMS costs user money, premium SMS services, SMS payments etc
* Receiving SMS has privacy implications, SMS also used for 2-factor 
authentication

Threat severity: critical per https://wiki.mozilla.org/Security_Severity_Ratings

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: App prompts user to send SMS
Authorization model for uninstalled web content: Explicit (OS Mediated)
Authorization model for installed web content: Explicit (OS Mediated)
Potential mitigations: Prompt user to send SMS. User reviews SMS in trusted UI 
prior to sending.

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Full-featured SMS app, integrated messaging 
apps.  Read received SMSes, send MMS/SMS.
Authorization model: Explicit
Potential mitigations: Can we filter/warn on premium numbers?  Note that 
premium SMS trojans are currently plaguing the Android platform.

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: SMS app
Authorization model: implicit
Potential mitigations: None beyond certification
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

Reply via email to