Breaking FIDO: Are Exploits in There?

by Jerrod Chong Sept. 15, 2017 via www.blackhat.com submitted by belen_caty

The state of authentication is in such disarray today that a black hat is no longer needed to wreak havoc. One avenue to authentication improvement is offered by the FIDO Alliance's open specifications built around public key cryptography. Does FIDO present a better mousetrap? Are there security soft spots for potential exploitation, such as man-in-the-middle attacks, exploits aimed at supporting architecture, or compromises targeting physical hardware? We will pinpoint where vulnerabilities are hidden in FIDO deployments, how difficult they are to exploit, and how enterprises and organizations can protect themselves.

https://www.blackhat.com/us-16/briefings.html#breaking-fido-are-exploits-in-there

Avatar
Steven Ulm 3 weeks, 6 days ago

This is the first time I read about FIDO. Interesting enough for me to share it on my LinkedIn. Thanks!

Reply