
PoisonSeed Phishing Campaign Exploits WebAuthn Cross-Device Authentication to Bypass FIDO
The PoisonSeed phishing campaign has found a way to bypass FIDO authentication by exploiting WebAuthn's cross-device authentication mechanism. The attack tricks victims into confirming login requests that originate from fake corporate portals.

FIDO and WebAuthn are designed to provide secure, passwordless authentication based on public-key cryptography. Cross-device authentication, which lets a user start authentication on one device and complete it on another, can nevertheless be abused through social engineering: attackers send authentication requests that look legitimate, and if the victim approves one, the attackers gain access. This undermines trust in FIDO-based authentication systems, which are widely regarded as secure.

The impact on the cybersecurity landscape is substantial, because it shows that even robust authentication mechanisms remain vulnerable to social engineering. Organizations should mitigate the risk by educating users to verify authentication requests before approving them, and possibly by adding verification steps or delays to the authentication flow. The incident is a reminder that, while advanced methods such as FIDO and WebAuthn strengthen security, user awareness and vigilance remain critical components of a comprehensive cybersecurity strategy.
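As an added example (not code from the PoisonSeed reporting or from any WebAuthn library), the relying-party policy below turns the "additional verification steps or delays" suggestion into a concrete check: an assertion that arrives over WebAuthn's cross-device ("hybrid") path from a device the relying party has never seen is held for step-up instead of being accepted outright. It assumes the RP stored the transports from `getTransports()` and the `authenticatorAttachment` value at registration; the record field names and the device-recognition signal are constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

# "hybrid" is the WebAuthn transport name for the cross-device flow (sign in on
# one device, approve on another) that the campaign above socially engineers.
HYBRID = "hybrid"

@dataclass(frozen=True)
class RegisteredCredential:
    """What the RP stored at registration (field names are this example's own)."""
    credential_id: str
    transports: frozenset      # from AuthenticatorAttestationResponse.getTransports()
    attachment: Optional[str]  # PublicKeyCredential.authenticatorAttachment, if any

@dataclass(frozen=True)
class AssertionContext:
    """Metadata arriving with an assertion whose signature has already verified."""
    credential_id: str
    attachment: Optional[str]  # authenticatorAttachment reported by the client
    recognised_device: bool    # RP-side device recognition (assumed signal)

def evaluate_sign_in(cred: RegisteredCredential, ctx: AssertionContext):
    """Return ("allow" | "step_up" | "deny", reasons) for one assertion."""
    if ctx.credential_id != cred.credential_id:
        return "deny", ["assertion does not match the registered credential"]
    # authenticatorAttachment is client-reported and not covered by the
    # authenticator's signature, so both checks below are risk signals, not controls.
    cross_device = ctx.attachment == "cross-platform" and HYBRID in cred.transports
    changed = cred.attachment == "platform" and ctx.attachment == "cross-platform"
    reasons = []
    if cross_device:
        reasons.append("cross-device (hybrid) sign-in")
    if changed:
        reasons.append("attachment differs from registration")
    if not ctx.recognised_device:
        reasons.append("unrecognised device")
    # A cross-device approval from a device the RP has never seen is the shape of
    # the phishing flow: hold it for an explicit confirmation step or delay.
    if (cross_device or changed) and not ctx.recognised_device:
        return "step_up", reasons
    return "allow", reasons

# Constructed sample records: a passkey created on the user's phone and a roaming
# security key, each asserted from a browser the RP has not seen before.
PHONE_PASSKEY = RegisteredCredential("cred-phone", frozenset({"internal", HYBRID}), "platform")
SECURITY_KEY = RegisteredCredential("cred-key", frozenset({"usb", "nfc"}), "cross-platform")
PHISHED_APPROVAL = AssertionContext("cred-phone", "cross-platform", recognised_device=False)
KEY_ON_NEW_LAPTOP = AssertionContext("cred-key", "cross-platform", recognised_device=False)
```

Calling `evaluate_sign_in(PHONE_PASSKEY, PHISHED_APPROVAL)` returns `step_up` with all three reasons, while `evaluate_sign_in(SECURITY_KEY, KEY_ON_NEW_LAPTOP)` is allowed because a USB/NFC key never uses the hybrid path.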