Cybersecurity professionals and researchers worldwide (myself included) keep promoting FIDO keys as the authentication method with the highest security level. While I agree with this, some FIDO security keys still carry a security risk, which is relatively small but still worth describing.
In this article, I will describe how to steal someone’s FIDO key PIN code and provide all the necessary tools. Do not expect any high-level reverse engineering stuff: the attack is super simple, the same old phishing-like technique. The only novelty is that it targets online accounts protected by physical FIDO security keys.