CTRAPS-CTAP Impersonation, API Confusion Attacks on FIDO2

Marco Casagrande, Daniele Antonioli

DEF CON 33 · Day 2 · Main Stage

FIDO2 is the current gold standard for phishing-resistant multi-factor and passwordless authentication, deployed by major platform vendors and recommended by CISA, NIST, and enterprise security guidan

AI review

Systematic protocol-level attack framework against FIDO2's CTAP layer with live hardware demos against YubiKeys — striking at the trust assumption everyone makes about phishing-resistant auth.
