Breaking FIDO: Are Exploits in There?

Presented at Black Hat USA 2016, Aug. 4, 2016, 2:30 p.m. (25 minutes).

The state of authentication is in such disarray today that a black hat is no longer needed to wreak havoc. One avenue to authentication improvement is offered by the FIDO Alliance's open specifications built around public key cryptography. Does FIDO present a better mousetrap? Are there security soft spots for potential exploitation, such as man-in-the-middle attacks, exploits aimed at supporting architecture, or compromises targeting physical hardware? We will pinpoint where vulnerabilities are hidden in FIDO deployments, how difficult they are to exploit, and how enterprises and organizations can protect themselves.


Presenters:

  • Jerrod Chong - Yubico
    Jerrod Chong is head of solutions at Yubico, where he helps organizations everywhere use YubiKeys. With over 15 years in the security industry, Jerrod is passionate about making strong authentication secure, simple, and scalable. If he's not convincing you that hardware-backed keys are cool, he is looking for good coffee.

Links:

Similar Presentations: