A recent phishing campaign abuses cross-device sign-in features to bypass FIDO key protections without exploiting any vulnerability in the keys themselves. The attack tricks users into authenticating via QR codes, which can lead to account compromise. #PoisonSeed #FIDOkeys
Key points
- The phishing campaign targets organizations by exploiting cross-device sign-in functionality of FIDO keys.
- The attack begins with a phishing email prompting users to visit a fake login page and enter their credentials.
- Attackers use QR codes to relay stolen login information to legitimate portals, bypassing FIDO protections.
- Monitoring unusual device registrations and implementing Bluetooth authentication can help prevent such attacks.
- While FIDO keys remain valuable, security teams need to enhance protections against rising abuse tactics.
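
To make the device-registration monitoring point concrete, here is an added detection sketch that is not part of the original article. The event schema, the sample events and the two heuristics (registration from a country not seen in the user's earlier sign-ins, and repeated registrations within a short window) are all assumptions to adapt to your identity provider's audit log.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not a real IdP schema.
EVENTS = [
    {"time": "2025-07-01T09:00:00", "user": "alice", "action": "signin", "country": "US"},
    {"time": "2025-07-02T09:05:00", "user": "alice", "action": "signin", "country": "US"},
    {"time": "2025-07-03T14:00:00", "user": "alice", "action": "register_authenticator", "country": "RO"},
    {"time": "2025-07-03T14:04:00", "user": "alice", "action": "register_authenticator", "country": "RO"},
    {"time": "2025-07-01T08:00:00", "user": "bob", "action": "signin", "country": "DE"},
    {"time": "2025-07-04T08:30:00", "user": "bob", "action": "register_authenticator", "country": "DE"},
]

BURST_WINDOW = timedelta(minutes=10)  # assumed threshold for "quick succession"


def flag_registrations(events):
    """Return (user, time, reasons) for authenticator registrations that look unusual."""
    seen_countries = {}     # user -> countries observed in earlier sign-ins
    last_registration = {}  # user -> time of that user's previous registration
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        user = ev["user"]
        when = datetime.fromisoformat(ev["time"])
        known = seen_countries.setdefault(user, set())
        if ev["action"] != "register_authenticator":
            known.add(ev["country"])  # only sign-ins build the baseline
            continue
        reasons = []
        # Users with no sign-in history have no baseline, so they are not flagged here.
        if known and ev["country"] not in known:
            reasons.append("new_country")
        prev = last_registration.get(user)
        if prev is not None and when - prev <= BURST_WINDOW:
            reasons.append("rapid_repeat")
        if reasons:
            alerts.append((user, ev["time"], reasons))
        last_registration[user] = when
    return alerts


if __name__ == "__main__":
    for alert in flag_registrations(EVENTS):
        print(alert)
```

Registrations deliberately do not extend the country baseline, so a second registration from the same unfamiliar location is still flagged.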
Read More: https://thecyberexpress.com/fido-key-phishing-attack/