FIDO2 theoretical attacks on YubiKey

FIDO2/YubiKey is widely recognized as a robust defense against phishing and man-in-the-middle (MITM) attacks. Its underlying security protocol is fundamentally very secure, provided that the device used with the FIDO2/YubiKey is itself secure.

However, if the device used to log in is compromised, it opens the door to several theoretical attacks. In this post, I’ve outlined these potential threats. For a more comprehensive understanding, check out the accompanying whitepaper, where these issues are explored in detail (pages 6-9).

Theoretical Attacks on FIDO2/YubiKey

  • Replay Attack with FIDO2 USB Token: Requires physical access to the USB key and a network packet capture to extract authentication data, altering the time in the future.
  • Reverse Shell Replay Attack in Victim Device: Involves installing a reverse shell on the victim device, altering the system time in the future, and capturing login attempts to extract data (TCP/IP) for a replay attack.
  • Reverse Proxy in Victim Device: Installs a reverse proxy on the victim device to intercept all communications, enabling data theft and session hijacking in real time.

I haven’t tested these attacks, but upon analyzing the protocols, they appear highly probable.
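
The two replay scenarios above depend on captured authentication data being accepted a second time. As an added example (not from the original post or the whitepaper), the sketch below shows the relying-party checks that WebAuthn defines for that case: a single-use, server-issued challenge that expires on the server's own clock, and a signature counter that must increase. `ReplayGuard`, `constructed_assertion` and `example.test` are hypothetical names, and verification of the assertion signature against the stored public key is assumed to happen separately.

```python
import base64, hashlib, json, secrets, struct, time

class ReplayGuard:
    """Hypothetical relying-party state: pending challenges and stored counters."""
    def __init__(self, rp_id, origin, ttl=60, clock=time.monotonic):
        self.rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
        self.origin, self.ttl, self.clock = origin, ttl, clock
        self.pending = {}    # challenge -> expiry on the server clock
        self.counters = {}   # credential id -> last accepted signCount

    def new_challenge(self):
        c = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
        self.pending[c] = self.clock() + self.ttl
        return c

    def check(self, cred_id, client_data_json, auth_data):
        cd = json.loads(client_data_json)
        if cd.get("type") != "webauthn.get" or cd.get("origin") != self.origin:
            return "reject: type/origin"
        # pop() makes every challenge single-use, whatever the outcome below.
        expiry = self.pending.pop(str(cd.get("challenge")), None)
        if expiry is None:
            return "reject: unknown or reused challenge"
        # Expiry uses the server clock; the client's system time is not an input.
        if self.clock() > expiry:
            return "reject: expired challenge"
        # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4, big-endian)
        if len(auth_data) < 37 or auth_data[:32] != self.rp_id_hash:
            return "reject: rpIdHash"
        flags, count = auth_data[32], struct.unpack(">I", auth_data[33:37])[0]
        if not flags & 0x01:
            return "reject: user not present"
        last = self.counters.get(cred_id, 0)
        # Authenticators without a counter always send 0; skip only when both are 0.
        if (count or last) and count <= last:
            return "reject: counter did not increase"
        self.counters[cred_id] = count
        return "accept"

def constructed_assertion(challenge, count, rp_id="example.test",
                          origin="https://example.test"):
    """Constructed sample data standing in for a captured assertion (no signature)."""
    cdj = json.dumps({"type": "webauthn.get", "challenge": challenge,
                      "origin": origin}).encode()
    ad = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", count)
    return cdj, ad
```

Because the challenge is bound into the signed client data, a captured assertion presented again fails the first check it reaches that depends on server state, regardless of what the client's clock says.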