Published Date : 7/30/2025
A pair of cybersecurity updates represent not just wins for the FIDO protocol, but also a possible swan song for a certain legacy version of multi-factor authentication. A reported passkey vulnerability has been walked back, and FIDO is recommended as the fix for the “phishable” MFA that is wreaking havoc on corporate networks around the world.
The PoisonSeed attack reported by security company Expel earlier this month does not give access to protected assets, if the FIDO Cross-Device Authentication flow is properly implemented.
The alleged vulnerability involved using the “cross-device sign-in” feature of FIDO passkeys and social engineering to execute an adversary-in-the-middle (AitM) attack. The attack was able to successfully pass the password factor of the authentication flow by getting a target, likely an employee, to scan a QR code substituted by the attacker for one from Okta, “but all subsequent MFA challenges failed and the attacker is never granted access to the requested resource,” according to a new blog post from Expel.
The explanation comes with an apology, and credit from the Expel team to the FIDO community for its engagement.
Legacy MFA methods were blamed for a recent spate of successful hacks by the Scattered Spider attack group exposing data from major airlines. An advisory from the U.S. Cybersecurity & Infrastructure Security Agency has been updated to note tactical changes and retains a recommendation to “(i)mplement FIDO/WebAuthn authentication or Public Key Infrastructure (PKI)-based MFA.”
These MFA implementations are resistant to phishing and not susceptible to push bombing or SIM swap attacks, which are techniques known to be used by Scattered Spider actors, the alert states.
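The phishing resistance the advisory refers to comes from the relying party checking, on every sign-in, that the browser-reported origin and the authenticator-signed RP ID hash belong to the real site and that the challenge is the one it issued; a credential presented from a look-alike domain fails those checks before any signature is examined. The following server-side verifier is an added illustration of those checks and is not code from Expel, the FIDO Alliance, CISA, or the article. The relying party `example.test`, the origin allow-list, and the attacker domain are constructed placeholders, and the final ECDSA signature check against the stored public key (which a real verifier performs over authenticatorData plus the SHA-256 of clientDataJSON) is outside this example.

```python
import base64
import hashlib
import json
import secrets

# authenticatorData flag bits defined by the WebAuthn specification
FLAG_UP = 0x01  # user present (touch / gesture)
FLAG_UV = 0x04  # user verified (PIN / biometric)

RP_ID = "example.test"                              # constructed relying party ID
ALLOWED_ORIGINS = {"https://login.example.test"}    # constructed origin allow-list


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_authenticator_data(rp_id: str, flags: int, counter: int) -> bytes:
    """Minimal authenticatorData: rpIdHash (32) || flags (1) || signCount (4)."""
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    return rp_id_hash + bytes([flags]) + counter.to_bytes(4, "big")


def build_client_data_json(challenge: bytes, origin: str) -> bytes:
    """What the browser assembles for navigator.credentials.get().
    The origin is filled in by the browser from the page actually loaded;
    page JavaScript cannot override it, which is what defeats a look-alike site."""
    payload = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    return json.dumps(payload).encode()


def verify_assertion(client_data_json: bytes, authenticator_data: bytes,
                     expected_challenge: bytes, rp_id: str = RP_ID,
                     allowed_origins=ALLOWED_ORIGINS, require_uv: bool = True):
    """Relying-party checks that bind the assertion to this site and this session.
    Returns (ok, reason) so the caller can log why a sign-in was refused."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    try:
        presented = b64url_decode(client_data.get("challenge", ""))
    except ValueError:
        return False, "challenge is not valid base64url"
    # Challenge must be the one issued for this session (stops replay of old assertions).
    if not secrets.compare_digest(presented, expected_challenge):
        return False, "challenge mismatch (replay or wrong session)"
    # Origin must be one the relying party owns; a phishing domain fails here.
    origin = client_data.get("origin")
    if origin not in allowed_origins:
        return False, f"origin {origin!r} not allowed"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    rp_id_hash, flags = authenticator_data[:32], authenticator_data[32]
    # The authenticator scoped the credential to rp_id; the hash must match ours.
    if not secrets.compare_digest(rp_id_hash, hashlib.sha256(rp_id.encode()).digest()):
        return False, "rpIdHash mismatch"
    if not flags & FLAG_UP:
        return False, "user presence not asserted"
    if require_uv and not flags & FLAG_UV:
        return False, "user verification required but not asserted"
    return True, "ok"


def demo():
    """Constructed assertions: one genuine, one relayed from a look-alike origin,
    one with a stale challenge, one without a user-presence gesture."""
    challenge = secrets.token_bytes(32)
    auth_data = build_authenticator_data(RP_ID, FLAG_UP | FLAG_UV, counter=7)
    genuine = build_client_data_json(challenge, "https://login.example.test")
    phished = build_client_data_json(challenge, "https://login.example-test.attacker.test")
    return {
        "genuine": verify_assertion(genuine, auth_data, challenge),
        "phished": verify_assertion(phished, auth_data, challenge),
        "stale": verify_assertion(genuine, auth_data, secrets.token_bytes(32)),
        "no_presence": verify_assertion(genuine, build_authenticator_data(RP_ID, 0, 8), challenge),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12s} -> {'accept' if ok else 'reject'}: {reason}")
```

Only the genuine case is accepted; the relayed assertion is refused on origin, the reused one on challenge, and the one without a gesture on the presence flag. Recording the reason string in authentication logs gives a detection signal: a burst of origin rejections for one user is a phishing campaign in progress, not a user error.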
Later, the advisory tells organizations to “(r)equire phishing-resistant multifactor authentication (MFA).”
CISA partnered with the FBI, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre on the advisory.
Other advice includes limiting the use of remote desktop services, implementing a recovery plan, and compliance with NIST password management policies.
The updated advisory adds a caution that the remote access tools hackers use in the attacks will vary, and a recommendation to “enhance monitoring against unauthorized account misuse.”
The global banking industry has also been working on adapting FIDO2 standards so that they can be adopted for financial use cases.
Q: What is the FIDO protocol?
A: The FIDO (Fast IDentity Online) protocol is a set of open standards developed by the FIDO Alliance to provide strong authentication and reduce reliance on passwords. It supports various authentication methods, including biometrics and security keys, to enhance security and user experience.
Q: What is a cross-device sign-in feature in FIDO passkeys?
A: The cross-device sign-in feature in FIDO passkeys allows users to authenticate across multiple devices seamlessly. This feature enhances user convenience while maintaining high security standards.
Q: What is the PoisonSeed attack?
A: The PoisonSeed attack is a social engineering technique that attempts to exploit the cross-device sign-in feature of FIDO passkeys. However, it was found that the attack does not grant access to protected assets if the FIDO Cross-Device Authentication flow is properly implemented.
Q: How do legacy MFA methods fail against Scattered Spider attacks?
A: Legacy MFA methods are vulnerable to phishing and other social engineering attacks, which the Scattered Spider group has successfully exploited to gain unauthorized access to sensitive data from major airlines and other organizations.
Q: What recommendations does CISA provide for enhancing cybersecurity?
A: CISA recommends implementing FIDO/WebAuthn authentication or PKI-based MFA, requiring phishing-resistant multifactor authentication, limiting the use of remote desktop services, implementing a recovery plan, and complying with NIST password management policies.