Looks like the tinfoil hat brigade is out in full force again.
Some points on WebUSB:
- Permission is not generally granted. Devices have to whitelist domains.
- Closing the associated web application will also close the command stream, thus this is already much more secure than the local driver software model.
- Sites utilising WebUSB run inside a sandbox. They cannot access other sites/cross domain resources or gain access to devices connected to another domain.
Some points on WebUSB:
- Permission is not generally granted. Devices have to whitelist domains.
- Closing the associated web application will also close the command stream, thus this is already much more secure than the local driver software model.
- Sites utilising WebUSB run inside a sandbox. They cannot access other sites/cross domain resources or gain access to devices connected to another domain.
Comment