Up until ~5 years ago, hacking U2F to make it pass (smuggle?) arbitrary data was exactly how hardware wallet like those from Ledger and Trezor were communicating with websites and web extensions (like Metamask), for the lack of a better alternative.
This is how hardware secured "web3" came to be.
Up until ~5 years ago, hacking U2F to make it pass (smuggle?) arbitrary data was exactly how hardware wallet like those from Ledger and Trezor were communicating with websites and web extensions (like Metamask), for the lack of a better alternative. This is how hardware secured "web3" came to be.