Add WebUSB Support To Firefox With a Special USB Device
1 min read
Summary
A Universal 2nd Factor (U2F) standard has been developed to allow USB devices such as dongles to be used for two-factor authentication to enhance security.
However, a GitHub user called ArcaneNibble has modified the standard to allow it to be used for a wider range of functions, giving web browsers limited USB support through the U2F.
This involves using a Raspberry Pi RP2040 fitted with the modified firmware and loading an index.html page locally; this then allows the functions of the RP2040 to be controlled via the web page, such as switching an LED on and off, for example.
The key handle in the U2F standard is opaque, meaning anything can be placed in it to pass data to the host, and the ECDSA signature is easily manipulated in the ASN.1 that is returned to the dongle, meaning signature validation is not checked by Firefox or Chrome.
This only works with a specially created USB device, so normal devices remain secure, but it demonstrates the potential for using USB locally via a web browser for increased interactivity with local accessories and devices.
