Conversation

so, a lot of people I know have a severely negative view of WebUSB. that view is, mostly, justified. I think it is only more interesting then that I see the GrapheneOS flashing tool--yes, flashing stuff via the browser--as net beneficial

Quote Tweet

GrapheneOS

@GrapheneOS

Jan 24, 2021

An experimental version of our web-based installer for GrapheneOS is now available: grapheneos.org/install/web This can be used from browsers with WebUSB support. Most Chromium-based browsers are supported including Chrome, Edge and Brave. No need to run any additional software.

Show this thread

144

Catherine

@whitequark

Jan 24, 2021

it's beneficial because flashing is hard and most people rightfully don't want learn how fastboot, adb, etc work, and seek out convenience. they'll find it either with the first party, GrapheneOS, or a potentially malicious or negligent third party. here, WebUSB is harm reduction

Catherine

@whitequark

Jan 24, 2021

I'm not sure if WebUSB could have been designed in a way that makes harm negligible. I know that it could have been designed to minimize potential harm, and it clearly wasn't (Chrome just lets you do ~anything to ~any device), and I find that unfortunate.

Replying to

If I remember correctly, There was originally supposed to be a marker value in usb descriptors to say whether a device was fit for webusb. That got tossed out early.

Replying to

and

I don't think there's much point in that. The issue isn't really that granting access to devices can be harmful but that there's no explanation of what access provides. Granting access to fastboot after enabling OEM unlocking can clearly be used maliciously, but it's very useful.

Replying to

and

(I think there needs to be some sort of request whitelist, because without one you'll be able to flip all sorts of random junk built on popular ICs into DFU mode and wreak havoc.)

Replying to

and

It's an issue even without WebUSB because plugging in a USB device doesn't mean you completely trust that computer. Users will also happily install an application. It's not much harder to download and install an application compared to selecting a USB device for a site to access.

Replying to

and

For devices not explicitly designed for WebUSB, it could show a scary, generic explanation of what access can provide. For devices designed for it, they could provide their own explanation with the semantics they've implemented. I think that'd be a good approach for it.

5:30 PM · Jan 24, 2021Twitter Web App

Replying to

and

The only real issue that I see is users have a much better collective knowledge about what installing an application provides vs. what granting access to a USB device provides. It's missing a nice 1 sentence + bullet point explanation of what granting access is going to provide.

Replying to

and

I meant the other way around here: websites could trivially abuse any FX2 they have WebUSB access for to reprogram it into HID. it's simple enough for script kiddies (do people still even use that term)

Show replies