Closed ahtn closed 6 years ago
The version of WebUSB described in the specification hosted here and implemented by currently shipping versions of Google Chrome does not require the device to provide an origin that will be the only source for a web application that can connect to the device. The reasons above are among those cited when making the decision to remove this requirement. If there are still references to this requirement in the documentation here, please let me know so I can correct them.
This question was discussed in issue #49.
After working through an implementation of WebUSB, I am concerned that both the UA and USB device rely too much on the manufacturer continuing to maintain ownership of the target domain. With my current understanding of WebUSB, the security model boils down to:
As a user this makes me hesitant to use WebUSB devices because:
Taking into account #50, control of this domain by a malicious actor would almost certainly mean complete system compromise due to the lax security provided by USB.
Some of these issues are inherent to the idea of WebUSB, but I think at least the issue of domain ownership can be solved. The device would need to provide some form of public key in its binary object store that the UA can then use to validate the authenticity of the target domain before allowing connections to the USB device.
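One way the check proposed in this issue could work, as an added example that is not part of the original post or of the WebUSB specification: the UA sends a fresh nonce and the site must return a signature, verifiable with the key stored on the device, over its origin and that nonce. The Ed25519 key type, the message layout, the `.example` origins and every function name are assumptions.

```javascript
// Added illustration; names, message layout and key type are assumptions,
// not part of the WebUSB specification.
const crypto = require('node:crypto');

// Constructed sample: the manufacturer's key pair. Only the public half
// would be stored in the device's binary object store.
const vendor = crypto.generateKeyPairSync('ed25519');
const devicePublicKeyDer = vendor.publicKey.export({ type: 'spki', format: 'der' });

// Bind the signature to one origin and one nonce so it cannot be reused
// by another site or in a later session.
function challengeMessage(origin, nonce) {
  const o = Buffer.from(origin, 'utf8');
  const len = Buffer.alloc(2);
  len.writeUInt16BE(o.length);
  return Buffer.concat([Buffer.from('webusb-origin-v1\0'), len, o, nonce]);
}

// Site side: prove possession of the private key for this origin.
function siteRespond(privateKey, origin, nonce) {
  return crypto.sign(null, challengeMessage(origin, nonce), privateKey);
}

// UA side: verify against the key read from the device, using the origin
// the UA itself observed, never one supplied by the page.
function uaVerify(publicKeyDer, observedOrigin, nonce, signature) {
  try {
    const key = crypto.createPublicKey({ key: publicKeyDer, format: 'der', type: 'spki' });
    return crypto.verify(null, challengeMessage(observedOrigin, nonce), key, signature);
  } catch {
    return false; // malformed key or signature is treated as a failed check
  }
}

function demo() {
  const nonce = crypto.randomBytes(32);
  const sig = siteRespond(vendor.privateKey, 'https://vendor.example', nonce);
  const newOwner = crypto.generateKeyPairSync('ed25519'); // domain changed hands, key did not
  return {
    genuine: uaVerify(devicePublicKeyDer, 'https://vendor.example', nonce, sig),
    otherOrigin: uaVerify(devicePublicKeyDer, 'https://other.example', nonce, sig),
    staleNonce: uaVerify(devicePublicKeyDer, 'https://vendor.example', crypto.randomBytes(32), sig),
    lapsedDomain: uaVerify(devicePublicKeyDer, 'https://vendor.example', nonce,
      siteRespond(newOwner.privateKey, 'https://vendor.example', nonce)),
  };
}
```

Under this scheme the trust anchor moves from the domain registration to the manufacturer's signing key, so key storage and rotation become the thing that has to be maintained.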