Comment by 20after4
1 month ago
It's not that different. It might be easier than your average "pwn" and might not require root access, but this is only my hypothesis based on what's written in TFA.
1 month ago
It's not that different. It might be easier than your average "pwn" and might not require root access, but this is only my hypothesis based on what's written in TFA.
If it is USB, you should be able to do it directly in JS via Chrome.
WebUSB requires the device to opt in via it's USB descriptors. Otherwise any USB device with firmware updates would have this problem.
Maybe an issue here is WebSerial, as HCI comes over a serial port device. I believe the OS should block access to the serial device once the host driver takes it as a Bluetooth adapter though.
> WebUSB requires the device to opt in via it's USB descriptors.
IIRC, that restriction was removed.
>It might be easier than your average "pwn" and might not require root access
It's an IOT device. Everything's running as root.