Presented at DEF CON 33 (2025), Aug. 9, 2025, 1:30 p.m. (45 minutes).
FIDO2 is the de facto standard for passwordless and 2FA authentication. FIDO2 relies on the Client-to-Authenticator Protocol (CTAP) to secure communications between clients (e.g., web browsers) and authenticators (e.g., USB dongles). In this talk, we perform a security assessment of CTAP and its Authenticator API. This API is a critical protocol-level attack surface that handles credentials and authenticator settings.
We investigate the standard FIDO2 setup (credentials stored by the relying party) and the most secure setup, where credentials are stored on the authenticator, protected from data breaches. We find that FIDO2 security mechanisms still rely on phishable mechanisms (i.e., PIN) and unclear security boundaries (e.g., trusting unauthenticated clients).
We introduce eleven CTRAPS attacks grouped into two novel classes: Client Impersonation and API Confusion. These attacks exploit CTAP vulnerabilities to wipe credentials, perform unauthorized factory resets, and track users.
Our open-source toolkit implements the attacks on two Android apps, an Electron app, and a Proxmark3 script, supporting the USB HID and NFC transports. In our demos, we show how to use our CTRAPS toolkit to exploit popular authenticators, like YubiKeys, and relying parties, like Microsoft and Apple.
References:
- Casagrande, Marco and Antonioli, Daniele. CTRAPS: CTAP Client Impersonation and API Confusion on FIDO2. [link](https://arxiv.org/abs/2412.02349), 2024.
- Ninja Lab. A Side Journey to Titan. [link](https://ninjalab.io/a-sidejourney-to-titan), 2024.
- Victor Lomne. An Overview Of The Security Of Some Hardware FIDO(2) Tokens. [link](https://www.youtube.com/watch?v=hpOp9X4sMaE), HardWear.io NL, 2022.
- Christiaan Brand. Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys. [link](https://security.googleblog.com/2019/05/titan-keys-update.html), 2019.
- Jingjing Guan, Hui Li, Haisong Ye, and Ziming Zhao. A Formal Analysis of the FIDO2 Protocols. In European Symposium on Research in Computer Security (ESORICS), pages 3–21, 2022.
- Manuel Barbosa, André Cirne, and Luís Esquível. Rogue key and impersonation attacks on FIDO2: From theory to practice. In Proceedings of the 18th International Conference on Availability, Reliability and Security. Association for Computing Machinery, 2023.
- Ahmed Tanvir Mahdad, Mohammed Jubur, and Nitesh Saxena. Breaching Security Keys without Root: FIDO2 Deception Attacks via Overlays exploiting Limited Display Authenticators. In Proceedings of the ACM conference on computer and communications security (CCS), 2024.
Presenters:
- Marco Casagrande
Marco Casagrande is a postdoctoral researcher in cybersecurity at the KTH Royal Institute of Technology (Sweden). He specializes in the security of real-world smart devices, including fitness trackers, FIDO authenticators, and electric scooters.
- Daniele Antonioli
Daniele Antonioli is an Assistant Professor at EURECOM in the software and system security (S3) group. He researches and teaches applied system security and privacy, with an emphasis on wireless communication, such as Bluetooth and Wi-Fi, embedded systems, such as cars and fitness trackers, mobile systems, such as smartphones, and cyber-physical systems, such as industrial control systems.