U2Fishing: potential security threat introduced by U2F key wrapping mechanism

Friday 5 October 11:30 - 12:00, Red room

Wang Kang (Alibaba Group)

Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication and has been adopted by Facebook, Google, GitHub and others. The keys stored in U2F tokens built on secure element chips are considered impossible to extract. However, because a secure element can hold only a limited number of key pairs, the FIDO U2F standard allows a key wrapping mechanism that provides an unlimited number of key pairs from limited storage. This is considered safe, but not when the manufacturer is malicious.

In this talk, we will give a real-world example of a U2F phishing attack: the master secret is retrieved from an open-source U2F token during the manufacturing process, and that token is then given to a victim user. The token can then be cloned by implementing the same key-wrapping mechanism with the recorded master secret. We will demonstrate that GitHub, Gmail and Facebook can all be affected by this U2Fishing method.

Some countermeasures will be discussed. On investigating several websites that offer U2F as a two-factor authentication method, we found that some of them had not implemented cloning detection (which the FIDO Alliance recommends), meaning that U2Fishing victims will not be aware that an attack has started.

This attack still works even if the U2F token uses a cryptographic secure element chip such as the Atmel ATECC508A together with the key wrapping mechanism. It is recommended that end-users at least carry out a master secret regeneration process when given a new U2F token that uses key wrapping. This is currently not available for the YubiKey.
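The abstract describes two mechanisms without showing them: key wrapping, which lets any device holding the master secret re-derive every per-site key, and the FIDO-recommended signature-counter check that lets a website notice a second device. The following model is an added example written for this page; it is not the talk's code, not any token's firmware and not any site's implementation. The key-handle construction (nonce plus HMAC over the app ID) is a hypothetical scheme, and where a real token would derive an ECDSA P-256 key pair and export only the public key, this model uses a symmetric HMAC key so that it runs with the Python standard library alone. The master secret, app ID and challenges are constructed values.

```python
import hashlib
import hmac
import secrets


class WrappedKeyToken:
    """Model of a U2F token that uses key wrapping (hypothetical scheme, not any
    real firmware). The only long-lived state is one master secret and one
    signature counter; every per-site key is re-derived on demand."""

    def __init__(self, master_secret: bytes):
        self.master_secret = master_secret
        self.counter = 0  # device-wide, monotonically increasing

    def register(self, app_id: bytes) -> bytes:
        """Return a key handle: nonce || MAC(master, app_id || nonce).
        Nothing about the site needs to be stored on the token."""
        nonce = secrets.token_bytes(16)
        tag = hmac.new(self.master_secret, app_id + nonce, hashlib.sha256).digest()
        return nonce + tag

    def derive_key(self, app_id: bytes, key_handle: bytes) -> bytes:
        """Re-derive the per-site key from the handle; any device holding the
        same master secret derives the identical key. (A real token derives an
        ECDSA P-256 key pair here and only ever exports the public half; this
        model uses a symmetric HMAC key so it runs with the standard library.)"""
        nonce, tag = key_handle[:16], key_handle[16:]
        expected = hmac.new(self.master_secret, app_id + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("key handle was not issued under this master secret")
        return hmac.new(self.master_secret, b"site-key" + app_id + nonce, hashlib.sha256).digest()

    def authenticate(self, app_id: bytes, key_handle: bytes, challenge: bytes):
        self.counter += 1
        key = self.derive_key(app_id, key_handle)
        sig = hmac.new(key, app_id + self.counter.to_bytes(4, "big") + challenge,
                       hashlib.sha256).digest()
        return self.counter, sig


class RelyingParty:
    """Website side. check_counter toggles the FIDO-recommended clone detection
    that the talk found missing on some sites."""

    def __init__(self, app_id: bytes, check_counter: bool):
        self.app_id = app_id
        self.check_counter = check_counter
        self.registrations = {}  # key handle -> [verification key, last seen counter]

    def register(self, token: WrappedKeyToken) -> bytes:
        key_handle = token.register(self.app_id)
        # In real U2F the token returns the public key; the site never sees a private key.
        self.registrations[key_handle] = [token.derive_key(self.app_id, key_handle), 0]
        return key_handle

    def authenticate(self, token: WrappedKeyToken, key_handle: bytes) -> str:
        challenge = secrets.token_bytes(32)
        counter, sig = token.authenticate(self.app_id, key_handle, challenge)
        vkey, last_seen = self.registrations[key_handle]
        expected = hmac.new(vkey, self.app_id + counter.to_bytes(4, "big") + challenge,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return "bad signature"
        if self.check_counter and counter <= last_seen:
            # A second device sharing the master secret keeps its own counter,
            # so sooner or later one of the two presents a stale value.
            return "clone suspected"
        self.registrations[key_handle][1] = counter
        return "ok"


def run_scenario(check_counter: bool) -> str:
    """Genuine token and a clone share one master secret (constructed value);
    the genuine token authenticates three times, then the clone tries once."""
    master_secret = secrets.token_bytes(32)
    genuine = WrappedKeyToken(master_secret)
    clone = WrappedKeyToken(master_secret)
    rp = RelyingParty(b"https://example.test", check_counter)
    key_handle = rp.register(genuine)
    for _ in range(3):
        if rp.authenticate(genuine, key_handle) != "ok":
            raise RuntimeError("genuine token should always be accepted here")
    return rp.authenticate(clone, key_handle)


def foreign_token_rejected() -> bool:
    """A device with a different master secret cannot use the key handle at all."""
    rp = RelyingParty(b"https://example.test", True)
    key_handle = rp.register(WrappedKeyToken(secrets.token_bytes(32)))
    try:
        rp.authenticate(WrappedKeyToken(secrets.token_bytes(32)), key_handle)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("site with counter check:   ", run_scenario(True))   # clone suspected
    print("site without counter check:", run_scenario(False))  # ok -> undetected
    print("unrelated token rejected:  ", foreign_token_rejected())
```

The counter check is the detection point the abstract refers to: with it, the site refuses the stale counter and can alert the user; without it, a device that shares the master secret is indistinguishable from the genuine one, which is the situation the talk reports for sites that skipped this check. Regenerating the master secret on a new token, as the abstract recommends, makes the recorded value useless because every key handle issued afterwards is bound to the new secret.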

Wang Kang

Wang Kang is a security expert at Alibaba Group, focusing on security issues of IoT, cyber-physical systems, V2X, and trusted computing. He was a speaker at Black Hat Europe 2015 and Black Hat USA 2017. He is a contributor to the Linux kernel (TDD-LTE USB dongle support) and a founder of the Tsinghua University Network Administrators (http://tuna.tsinghua.edu.cn).
