The Web Bluetooth Security Model

The user can choose which heart rate monitor to grant access to, if any.
  • An abusive software developer, trying to do embarrassing or privacy-insensitive things that don’t go outside devices’ security models.
  • A malicious software developer, trying to exploit users using nearby Bluetooth devices.
  • A malicious hardware manufacturer, trying to exploit users or websites who connect to their devices.
  • A malicious manufacturer/developer, who can push cooperating hardware and software.
  • Weakly-written device firmware, which doesn’t intend to hurt its users, but might be vulnerable to malicious connections.
  • Weakly-written kernels, which might be vulnerable to either malicious userland software or malicious connections.

Abusive software developers

  • The chooser grants a website access to only the specific devices a user selects, which helps the user associate misbehavior with specific sites and prevents those sites from messing with extra devices.
  • On desktop platforms we show a tab indicator while a site is connected to a device, which also helps associate the site with the misbehaving device. This isn’t perfect, since the site might configure a device to only misbehave later, long after the site has disconnected to stop showing the tab indicator.
  • If users notice misbehavior and revoke a site’s access to a device, we’re looking into ways to aggregate that in a privacy-preserving way and use it to protect other users from that site, either by automatically denying the chooser or by adding an extra warning that the site might be abusive.

Malicious software developers

Getting permission

  1. Click on app install banner.
  2. Click ‘Install’ in Play Store. Wait.
  3. Click ‘Open’ in Play Store.
  4. Click ‘Accept’ on a location permission prompt.
  1. Click on app install banner.
  2. Click ‘Get’ in App Store.
  3. Click ‘Install’ in App Store. Wait.
  4. Click ‘Open’ in App Store.
  1. Site calls chrome.webstore.install() inside a user gesture.
  2. Click ‘Add’ on a dialog that mentions Bluetooth. Wait.
  3. Click the app icon.
  1. Site calls navigator.bluetooth.requestDevice() inside a user gesture.
  2. Click the vulnerable device inside a dialog that mentions pairing.
  3. Click ‘Pair’.

Getting permission illicitly

  • Native: XcodeGhost demonstrates that it’s possible to compromise native apps at scale, but to do it you need to compromise development machines.
  • Web: Web sites are often compromised to host malware. Even without being compromised, web sites embed ads that shouldn’t be able to access Bluetooth devices. To make sure ads only get access to expected capabilities, Chris Palmer is proposing a permission delegation API, which Web Bluetooth will use.

Attacking the kernel through Bluetooth APIs

Attacking through non-Bluetooth channels

  • Native apps find it easier to escape the system sandbox than web apps, at least because web apps have to escape a browser sandbox before even attempting to attack the system.
  • Native apps have more abilities by default than web apps. For example, native apps have raw network access, can execute in the background, and can track users through a persistent advertising ID.
  • Android M+ requires the user grant access to their location in order for an app to communicate over Bluetooth.

Avoiding blockage

  • Native: App stores have full access to an app’s code and can test it for malicious behavior on hardware they pick. However, because each kind of remote Bluetooth device may speak a different protocol and have different vulnerabilities, the stores basically can’t test for malice and have to allow any messages they don’t know to be harmful.
  • Web: We can’t do an offline scan of a website, but app stores aren’t benefitting from offline scans in this case anyway. We can block the known-harmful messages using an updatable registry of blacklisted services.
  • Native: Stores can take down all apps uploaded under a single credit card.
  • Web: Safe Browsing can block access to the single malicious website.

Attacking the device

  • Native: The app has access to both GATT and Bluetooth Classic profiles. Classic profiles are byte-stream-based, which makes them harder to parse and more likely to be exploitable. As mentioned above, native apps can also attack all devices in radio range, the entire time they’re installed, without going back through a user prompt.
  • Web: Sites can only communicate over the relatively simple GATT protocol, which maps keys to bounded-length values. Sites can also only attack devices the user explicitly granted access to.

Malicious hardware manufacturers

Malicious hardware manufacturers who also write websites


  • Web Bluetooth’s ability to pair an application with a single remote device is a big advance toward the principle of least privilege.
  • Reducing the number of native apps users need to install is another big advance given the general power of native apps.
  • Some users’ devices probably will be exploited by malicious websites using Web Bluetooth. We believe the other security benefits will outweigh this.
  • We need to run several more security tests before shipping the API, including fuzzing several operating systems and testing that they don’t automatically grant access for devices to act as keyboards.





I’m a software engineer on the Google Chrome team, working on Web Packaging, and more broadly, web standards in general.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jeffrey Yasskin

Jeffrey Yasskin

I’m a software engineer on the Google Chrome team, working on Web Packaging, and more broadly, web standards in general.

More from Medium

Closed-Source-to-Open-Source Twitter repository named “The Algorithm” on Github

Live Streaming Platform Inke: How to Build an Immersive Metaverse Karaoke Rapidly


CRUD Is Dead, Long Live CRUD!

Extending Synpress with additional MetaMask commands