Re: [web-bluetooth] Provide a way to pair when the user's paying attention

I agree with @scheib that the goal of Web Bluetooth should explicitly 
_not_ be to pair a HID mouse/keyboard with the system, but rather 
allow websites to access common peripherals. 
even blacklists a website to access HID characteristics. Note that 
anyone can create a peripheral that exposes both a HID service and a 
custom service, that is constructed so that what you write to the 
custom service is immediately echoed back on the HID service, i.e. you
 could control the user's keyboard or mouse over the web using web 
bluetooth if the user is near a device you have placed there, as long 
as the user is tricked into accepting the BLE connection. Such attacks
 can easily be done at public areas.

GitHub Notification of comment by Emill
Please view or discuss this issue at
 using your GitHub account

Received on Wednesday, 8 February 2017 18:59:35 UTC