Published Date: 7/30/2025
A pair of cybersecurity updates represent significant wins for the FIDO protocol, while also signaling a potential decline for legacy versions of multi-factor authentication (MFA). A reported passkey vulnerability has been retracted, and the FIDO protocol is now recommended as the solution to the vulnerability of “phishable” MFA, which has been causing widespread issues in corporate networks worldwide.
The PoisonSeed attack, initially reported by security company Expel, was found to be ineffective if the FIDO Cross-Device Authentication flow is properly implemented. The alleged vulnerability involved using the “cross-device sign-in” feature of FIDO passkeys and social engineering to execute an adversary-in-the-middle (AitM) attack. However, the attack was only able to pass the password factor of the authentication flow by tricking a target, likely an employee, into scanning a QR code substituted by the attacker for one from Okta. Despite this, all subsequent MFA challenges failed, and the attacker was never granted access to the requested resource, according to a new blog post from Expel.
The company has issued an apology and credited the FIDO community for its engagement and support in clarifying the situation.
Legacy MFA methods have been blamed for a recent series of successful hacks by the Scattered Spider attack group, which exposed data from major airlines. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has updated its advisory to reflect tactical changes, but it retains a strong recommendation to implement FIDO/WebAuthn authentication or Public Key Infrastructure (PKI)-based MFA. The advisory states, “These MFA implementations are resistant to phishing and not susceptible to push bombing or SIM swap attacks, which are techniques known to be used by Scattered Spider actors.”
The advisory, which was a collaborative effort involving the FBI, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, also advises organizations to require phishing-resistant multifactor authentication (MFA). Other recommendations include limiting the use of remote desktop services, implementing a recovery plan, and adhering to NIST password management policies. The updated advisory adds a caution that the remote access tools used by hackers in these attacks can vary and recommends enhancing monitoring against unauthorized account misuse.
The global banking industry has also been working on adapting FIDO2 standards to ensure they can be effectively adopted for financial use cases. This effort underscores the growing recognition of FIDO's role in enhancing security across various sectors.
FIDO authentication, as specified by the FIDO Alliance, continues to be a trusted and recommended solution for organizations looking to protect their networks and data from sophisticated attacks. Its phishing resistance makes it a crucial tool in the ongoing battle against cyber threats.
Q: What is the FIDO protocol?
A: The FIDO (Fast IDentity Online) protocol is a set of open standards designed to provide strong, secure, and user-friendly authentication methods. It includes technologies like FIDO2 and WebAuthn, which are resistant to phishing and other common cyber attacks.
Q: What is the PoisonSeed attack?
A: The PoisonSeed attack is a method where an adversary uses social engineering and the ‘cross-device sign-in’ feature of FIDO passkeys to attempt an adversary-in-the-middle (AitM) attack. However, if the FIDO Cross-Device Authentication flow is properly implemented, the attack fails to grant access to protected assets.
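The reason a relayed cross-device sign-in fails at the MFA step, as described in the PoisonSeed paragraph above and in this answer, is that the browser writes the origin it actually loaded into the signed clientDataJSON and the relying party checks it. The following is an added example written for this article, not code from Expel, Okta or the FIDO Alliance: a minimal model of the WebAuthn assertion checks on the relying-party side. The RP ID, origin and phishing origin are hypothetical, and the authenticator's ECDSA signature is replaced by an HMAC stand-in so it runs with the standard library only.

```python
import base64, hashlib, hmac, json, secrets

# Relying party (RP) configuration: hypothetical values for this example.
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"
# Stand-in for the credential key pair: a real authenticator signs with ECDSA;
# an HMAC key keeps this example runnable with the standard library only.
CREDENTIAL_KEY = secrets.token_bytes(32)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def authenticator_sign(client_data_json: bytes, rp_id: str) -> dict:
    """Constructed browser+authenticator model: the browser, not the user, writes the
    origin it actually loaded into clientDataJSON, so a relayed challenge carries it."""
    flags = bytes([0x05])  # user present (UP) + user verified (UV)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (0).to_bytes(4, "big")
    signed = auth_data + hashlib.sha256(client_data_json).digest()
    sig = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data_json, "authenticatorData": auth_data, "signature": sig}

def rp_verify_assertion(assertion: dict, issued_challenge: bytes) -> tuple[bool, str]:
    """RP-side WebAuthn assertion checks; the origin check defeats an AitM relay."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(issued_challenge):
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')}"
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"

def simulate_login(origin_seen_by_browser: str) -> tuple[bool, str]:
    """One ceremony: RP issues a challenge (an AitM proxy relays it unchanged)."""
    challenge = secrets.token_bytes(32)
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": origin_seen_by_browser}).encode()
    return rp_verify_assertion(authenticator_sign(client_data, RP_ID), challenge)
```

Calling `simulate_login` with the real origin succeeds, while the same challenge signed from a look-alike phishing origin is rejected at the origin check before the signature is even considered.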
Q: Why is FIDO recommended over legacy MFA methods?
A: FIDO is recommended over legacy MFA methods because it is resistant to phishing and other common attacks, such as push bombing and SIM swap attacks. Legacy MFA methods have been shown to be vulnerable to these types of attacks, leading to successful hacks and data breaches.
Q: What are the key recommendations from the CISA advisory?
A: The CISA advisory recommends implementing FIDO/WebAuthn authentication or PKI-based MFA, requiring phishing-resistant multifactor authentication, limiting the use of remote desktop services, implementing a recovery plan, and adhering to NIST password management policies.
Q: How is the global banking industry adapting FIDO2 standards?
A: The global banking industry is working on adapting FIDO2 standards to ensure they can be effectively adopted for financial use cases. This includes integrating FIDO2 into various financial services to enhance security and prevent fraud.