- From: Nina Satragno via GitHub <noreply@w3.org>
- Date: Wed, 06 May 2026 19:17:50 +0000
- To: public-webauthn@w3.org
It would be better if hybrid was somehow immune to local attacks. However, we haven't been able to come up with any way to do this.

> The issue here is that when using hybrid transport

It's not unique to hybrid. Here are other equivalent local attacks a hypothetical criminal organization could carry out:

* Convince the user to tap their Bluetooth security key near an attacker-controlled box.
* Convince the user to plug their security keys into an attacker-controlled box.
* Convince the user to tap their NFC security key on an attacker-controlled box.
* Convince the user to sign in to their cloud account on an attacker-controlled box.

At least phones have a screen that tells the user what they're about to do :)

--

Something often missing from this conversation is that, unlike a significant number of attacks that WebAuthn is designed to prevent which are remote (phishing, password stuffing, etc.), people who get caught installing evil boxes IRL are likely to end up in IRL prison.

I am of the opinion we should consider these attacks outside the threat model for WebAuthn.

--
GitHub Notification of comment by nsatragno
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2349#issuecomment-4391162295 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 6 May 2026 19:17:51 UTC