making security even easier

Phishing the unphishable — FIDO security keys PIN stealer attack

Cybersecurity professionals and researchers worldwide (including myself) keep promoting FIDO keys as the authentication method with the highest security level. While I agree with this, there is still a security risk with some FIDO security keys, which is relatively small but still worth describing.

In this article, I will describe how to steal someone’s FIDO key PIN code and provide all the necessary tools. Do not expect any high-level reverse engineering stuff. The attack is super simple: it is the same old phishing-like technique. The only novelty is that it will be targeting the online accounts protected by physical FIDO security keys.

Feel free to contact me directly :
emin --at huseynov --dot com
