|
|
|
|
|
|
by taviso
1239 days ago
|
|
|
Web USB can realistically improve security for billions of people globally. It will improve security for me and my family, and we're all humans. Sure, it's not a magic a wand that solves all problems, or makes malware disappear. I wish it did, but the fact that it doesn't is not a good reason to reject it. It's deployed to billions of people globally, can you show me any evidence at all that there is any Web USB social engineering happening? |
|
|
Immediately after WebUSB shipped in Chrome: "security researchers Markus Vervier and Michele OrrĂ¹ detailed a method that exploits a new and obscure feature of Google's Chrome browser to potentially bypass the account protections of any victim using the Yubikey Neo".
The fact that fishing (and fingerprinting etc.) isn't reported widely doesn't mean it doesn't happen. After all you trust Chrome to properly implement everything and take care of things. And yet here's an example of a different hardware standard, WebMIDI: https://twitter.com/denschub/status/1582730985778556931 (note the comment: "Chrome still allows web developers to enumerate attached MIDI devices without user consent or even a notification")