Security/Reviews/Audio Recording - Web API

From MozillaWiki

Item Reviewed

Audio Recording - Web API & Implementation
Target:
ID: 803414; Summary: Media Recording - Web API & Implementation; Priority: --; Status: VERIFIED

1 Total; 0 Open (0%); 0 Resolved (0%); 1 Verified (100%);

https://bugzilla.mozilla.org/show_bug.cgi?id=803414 (Audio Recording - Web API & Implementation)
The webidl for Media Recording API: https://dvcs.w3.org/hg/dap/raw-file/tip/media-stream-capture/RecordingProposal.html

Proposal https://wiki.mozilla.org/Gecko:MediaRecorder

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

Reference document: https://dvcs.w3.org/hg/dap/raw-file/default/media-stream-capture/MediaRecorder.html

This API lets an application record video/audio data and save it to the file system.

Input: mediaStream, which comes from GetUserMedia (via the WebRTC module), video or audio clips
Output: encoded blob data

https://bugzilla.mozilla.org/show_bug.cgi?id=803414 - Provide access to audio buffer, opus output format

  • Can this be used with other APIs (e.g. <audio> element) ?
    • stream = <video

What solutions/approaches were considered other than the proposed solution?

Why was this solution chosen?


Any security threats already considered in the design and why?

a. Unauthorized usage: the getUserMedia API would check whether the application has the right to get a MediaStream.

Threat Brainstorming

- Cross-origin access to video/audio stream

   - maybe read cross-origin
   - either needs to be a permission
   - or some?

- Hijacking an existing stream from a video or audio element and calling mozCaptureStreamUntilEnded on it?

- Temporary files could be a privacy issue if not properly deleted?

- Running out of memory or disk space

- Access the microphone without the user knowing

   - doesn't increase the chance, but does increase the impact
   - audio bugging could be client side, or more complex?

- Is there a UI part (like in the status bar) to let the user know the microphone is on?

   - no UI in this API, but the WebRTC gUM has one.

- What happens with malformed data

   - something to fuzz for    

- Is the AudioApi compliant with CORS, or can you just read any old stream cross-origin? (the existing API, as well as the new one)

   - <audio> and <video> can be accessed cross-origin (same as above...)
   - https://developer.mozilla.org/en-US/docs/JavaScript/Same_origin_policy_for_JavaScript


Action Items

Action Item Status: In Progress
Release Target:
Action Items
- Pauljt: determine the threat model for WebRTC

- Cdiehl: fuzz this API

- Pauljt: Tainting audio/video elements with cross-origin audio data, so that this API fails in such cases (i.e. a web page should not be able to access the contents of cross-origin resources)
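
The tainting rule in the last action item, sketched as an added example (not Mozilla's code and not part of the original review). It is a simplified model: `isCorsSameOrigin`, `captureStream`, `ModelRecorder` and the `app.example`/`cdn.example` elements are hypothetical, and a failed CORS check is treated as a tainted stream where a browser would refuse the load.

```javascript
// Model of origin tainting for recorded media. Header names are assumed
// to be lower-cased already; sample elements below are constructed.

// Decide whether script on `pageOrigin` may read the media resource.
// `crossorigin` is the element attribute: null, "anonymous" or "use-credentials".
function isCorsSameOrigin(pageOrigin, resourceUrl, crossorigin, headers = {}) {
  if (new URL(resourceUrl).origin === pageOrigin) return true;
  if (crossorigin === null) return false; // no-cors load: playable, not readable
  const allow = headers["access-control-allow-origin"];
  if (crossorigin === "use-credentials") {
    // The wildcard is not accepted for credentialed requests.
    return allow === pageOrigin &&
      headers["access-control-allow-credentials"] === "true";
  }
  return allow === "*" || allow === pageOrigin;
}

// Capturing from an element carries the element's taint onto the stream.
function captureStream(pageOrigin, element) {
  const readable = isCorsSameOrigin(
    pageOrigin, element.src, element.crossorigin ?? null, element.responseHeaders);
  return { source: element.src, tainted: !readable };
}

class ModelRecorder {
  constructor(stream) { this.stream = stream; this.chunks = []; }
  start() {
    // Fail closed: never hand encoded data from a tainted stream to script.
    if (this.stream.tainted) {
      const err = new Error("stream contains cross-origin data");
      err.name = "SecurityError";
      throw err;
    }
    this.chunks.push("encoded-blob"); // stand-in for real encoder output
    return this.chunks.length;
  }
}

// Record from one element on a page served from https://app.example.
const PAGE = "https://app.example";
function tryRecord(element) {
  try {
    new ModelRecorder(captureStream(PAGE, element)).start();
    return "recorded";
  } catch (e) {
    return e.name;
  }
}
```

Note that a permissive `Access-Control-Allow-Origin` header alone does not untaint the stream: the element must also have requested the resource in CORS mode via its `crossorigin` attribute.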