CTRAPS: CTAP impersonation and API confusion attacks on FIDO2

Casagrande, Marco; Antonioli, Daniele
DEF CON 2025, Hacking Conference, 7-10 August 2025, Las Vegas, USA

FIDO2 is the de-facto standard for passwordless and 2FA authentication. FIDO2 relies on the Client-to-Authenticator Protocol (CTAP) to secure communications between clients (e.g., web browsers) and authenticators (e.g., USB dongles). In this talk, we perform a security assessment of CTAP and its Authenticator API. This API is a critical protocol-level attack surface that handles credentials and authenticator settings.
We investigate the standard FIDO2 setup (credentials stored by the relying party) and the most secure setup, where credentials are stored on the authenticator, protected from data breaches. We find that FIDO2 security mechanisms still rely on phishable mechanisms (i.e., PIN) and unclear security boundaries (e.g., trusting unauthenticated clients).
We introduce eleven CTRAPS attacks grouped into two novel classes: Client Impersonation and API Confusion. These attacks exploit CTAP vulnerabilities to wipe credentials, perform unauthorized factory resets, and track users. Our open-source toolkit implements the attacks on two Android apps, an Electron app, and a Proxmark3 script, supporting the USB HID and NFC transports. In our demos, we show how to use our CTRAPS toolkit to exploit popular authenticators, like YubiKeys, and relying parties, like Microsoft and Apple.

Type: Talk
City: Las Vegas
Date: 2025-08-09
Department: Digital Security (Sécurité numérique)
Eurecom Ref: 8332
Copyright: © EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in DEF CON 2025, Hacking Conference, 7-10 August 2025, Las Vegas, USA and is available at:

PERMALINK: https://www.eurecom.fr/publication/8332