A Security and Usability Analysis of Local Attacks Against FIDO2
Tarun Kumar Yadav, Kent Seamons

TL;DR
This paper investigates local attack vulnerabilities in FIDO2, revealing four key flaws, demonstrating seven feasible attacks, and providing improvements and recommendations to enhance security and usability against local threats.
Contribution
It identifies overlooked local attack vectors on FIDO2, analyzes implementation flaws, demonstrates attack feasibility, and proposes solutions for improved security and user awareness.
Findings
Seven attacks demonstrated on real-world FIDO2 implementations
Browser extensions can facilitate attacks if compromised
User studies show current defenses are insufficient
Abstract
The FIDO2 protocol aims to strengthen or replace password authentication using public-key cryptography. FIDO2 has primarily focused on defending against attacks from afar by remote attackers that compromise a password or attempt to phish the user. In this paper, we explore threats from local attacks on FIDO2 that have received less attention -- a browser extension compromise and attackers gaining physical access to an HSK. Our systematic analysis of current implementations of FIDO2 reveals four underlying flaws, and we demonstrate the feasibility of seven attacks that exploit those flaws. The flaws include (1) Lack of confidentiality/integrity of FIDO2 messages accessible to browser extensions, (2) Broken clone detection algorithm, (3) Potential for user misunderstanding from social engineering and notification/error messages, and (4) Cookie life cycle. We build malicious browser…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Advanced Malware Detection Techniques · User Authentication and Security Systems
