U2Fishing: potential security threat introduced by U2F key wrapping mechanism

Presented at VB2018, Oct. 5, 2018, 11:30 a.m. (30 minutes)

Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication and has been used by *Facebook*, *Google*, *GitHub*, etc. The keys stored in U2F tokens with secure element chips are considered impossible to be extracted. However, the capability of key pairs storage is limited by secure element chips, FIDO U2F standard allows a key wrapping mechanism which enables unlimited key pairs with limited storage. It's considered safe, but not with an evil manufacturer. In this talk, we will give a real-world example of a U2F phishing attack by retrieving the master secret from an open-source U2F token during the manufacturing process and then giving that U2F token to a victim user. Then we can clone that U2F token by implementing the same key-wrapping mechanism with the master secret recorded. We will demonstrate that *GitHub*, *Gmail* and *Facebook* can all be affected using this kind of U2Fishing method. Some countermeasures will be discussed. On investigating some websites that provide U2F as a two-factor authentication method, we found out that some of them hadn't implemented a cloning detection function (which is recommended by the FIDO Alliance), meaning that U2Fishing victims will not be aware of when an attack has started. This attack will still work even if a cryptography secure element chip such as *Atmel ATECC508A* is used by the U2F token with key wrapping mechanism. It is recommended that end-users should at least carry out a master secret regeneration process when given a new U2F token with key wrapping mechanism. This is currently unavailable for Yubikey.


  • Wang Kang - Alibaba Group
    Wang Kang Wang Kang is a security expert at Alibaba Group, focusing on security issues of IoT, cyber-physical system, V2X, and trusted computing. He was a speaker at Black Hat Europe 2015 and Black Hat USA 2017. He is a contributor to Linux Kernel, (TDD-LTE USB Dongle support) as well as a founder of the Tsinghua University Network Administrators (http://tuna.tsinghua.edu.cn).


Similar Presentations: