- From: Kenneth Rohde Christiansen via GitHub <sysbot+gh@w3.org>
- Date: Mon, 04 Nov 2019 08:26:36 +0000
- To: public-web-nfc@w3.org
From @zolkis: > https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/ > The morale: convenience vs security is not childplay. Like making content available with opening URL. We need threat analysis for the use case. I don't think this is a big risk here. * You cannot install anything from NDEF via out API * Data is inert, so if you want to instantiated/evaluate WASM/JS from a tag, then the website will have to consider the security implications and as such probably make sure the data is signed (a record exists for that) -- GitHub Notification of comment by kenchris Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/429#issuecomment-549258107 using your GitHub account
Received on Monday, 4 November 2019 08:26:37 UTC