Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025)

Chaos Computer Club - recent events feed

محتوای ارائه شده توسط CCC media team. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط CCC media team یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

4d ago 19:24

MP4•خانه قسمت

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach more widespread adoption. This presentation discusses the security of passkeys against phishing attacks. It explains the possibilities for an attacker to gain access to accounts secured with passkeys using spear phishing, and what conditions must be met for this to happen. It also practically demonstrates such an attack and discusses countermeasures. Participants will learn which WebAuthn security principles still apply to passkeys and which do not. They will learn why passkeys are no longer completely phishing-proof and how they can evaluate this consideration for their own use of passkeys. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

3361 قسمت

#Technologie #Ccc Congress Hacking Security Netzpolitik #CCC media team #Video