- From: Emill via GitHub <sysbot+gh@w3.org>
- Date: Wed, 08 Feb 2017 18:59:29 +0000
- To: public-web-bluetooth-log@w3.org
I agree with @scheib that the goal of Web Bluetooth should explicitly _not_ be to pair a HID mouse/keyboard with the system, but rather allow websites to access common peripherals. https://webbluetoothcg.github.io/web-bluetooth/#security-and-privacy even blacklists a website to access HID characteristics. Note that anyone can create a peripheral that exposes both a HID service and a custom service, that is constructed so that what you write to the custom service is immediately echoed back on the HID service, i.e. you could control the user's keyboard or mouse over the web using web bluetooth if the user is near a device you have placed there, as long as the user is tricked into accepting the BLE connection. Such attacks can easily be done at public areas. -- GitHub Notification of comment by Emill Please view or discuss this issue at https://github.com/WebBluetoothCG/web-bluetooth/issues/137#issuecomment-278426942 using your GitHub account
Received on Wednesday, 8 February 2017 18:59:35 UTC