CTRAPS at Euro S&P'25 and DEF CON 33
This week we presented CTRAPS: CTAP Impersonation and API Confusion on FIDO2 at IEEE Euro S&P'25, a paper about the security and privacy of FIDO2, a widespread standard used for single-factor and multi-factor authentication. We focus on the Client to Authenticator Protocol (CTAP), the application-layer protocol spoken between a FIDO2 authenticator (e.g., a YubiKey) and a client (e.g., a smartphone or a laptop). We uncover seven CTAP design issues in the FIDO2 standard, including the lack of client-to-authenticator authentication, and eleven related new attacks that we call CTRAPS.
Because they exploit design issues rather than implementation bugs, the CTRAPS attacks are effective on any CTAP-compliant FIDO2 client and authenticator, i.e., on millions of FIDO2 devices and users. Their effects include deletion of discoverable and non-discoverable credentials, DoS of an authenticator, and user tracking via FIDO2 credentials. The attacks affect not only the FIDO2 authenticator but also the relying parties: e.g., by deleting the authenticator's master key, a user loses all the related non-discoverable credentials stored on the relying parties.
The eleven CTRAPS attacks are grouped into two classes:
- four Client Impersonation (CI) attacks, where the attacker impersonates a client to an authenticator over CTAP to achieve several goals, such as 0-click deletion of all credentials stored on the authenticator via the reset CTAP API call.
- seven API Confusion (AC) attacks, where the attacker MitMs the CTAP channel between a client and an authenticator and confounds the authenticator by calling a different API than the one the client intended to call, e.g., the client thinks it has called and authorized the make credential API while the attacker calls the reset API and deletes all credentials.
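Both attack classes work because the CTAP2 command byte travels unauthenticated between client and authenticator, which is the design issue described above and also what lets a monitor on the host see it. The following is an added example, not part of the paper or the CTRAPS toolkit: it reassembles CTAPHID frames and flags credential-destructive CTAP2 commands such as authenticatorReset. The command names and byte values are from the CTAP specification; the frames are constructed, and build_report is a constructed helper.

```python
from dataclasses import dataclass

HID_REPORT_SIZE = 64
CTAPHID_CBOR = 0x90  # CTAPHID_CBOR (0x10) with the initialization bit (0x80) set

# CTAP2 command bytes from the FIDO2 CTAP specification.
CTAP2_COMMANDS = {
    0x01: "authenticatorMakeCredential", 0x02: "authenticatorGetAssertion",
    0x04: "authenticatorGetInfo", 0x06: "authenticatorClientPIN",
    0x07: "authenticatorReset", 0x08: "authenticatorGetNextAssertion",
    0x0A: "authenticatorCredentialManagement",
}
# Commands that can wipe or delete credentials; these are the ones worth alerting on.
DESTRUCTIVE = {0x07, 0x0A}

@dataclass
class CtapRequest:
    cid: int
    ctaphid_cmd: int
    payload: bytes

def reassemble(reports: list[bytes]) -> CtapRequest:
    """Reassemble one CTAPHID message from an initialization packet plus continuation packets."""
    # Init packet: CID(4) | CMD(1, bit 7 set) | BCNT(2, big endian) | data(57)
    # Continuation packet: CID(4) | SEQ(1, bit 7 clear) | data(59)
    init = reports[0]
    if len(init) != HID_REPORT_SIZE or not init[4] & 0x80:
        raise ValueError("first report is not a 64-byte initialization packet")
    cid = int.from_bytes(init[:4], "big")
    bcnt = int.from_bytes(init[5:7], "big")
    data = bytearray(init[7:])
    for seq, cont in enumerate(reports[1:]):
        if int.from_bytes(cont[:4], "big") != cid or cont[4] != seq:
            raise ValueError("continuation packet out of order or from another channel")
        data += cont[5:]
    if len(data) < bcnt:
        raise ValueError("message truncated: missing continuation packets")
    return CtapRequest(cid, init[4], bytes(data[:bcnt]))

def classify(req: CtapRequest) -> tuple[str, bool]:
    """Name the CTAP2 command in a request and say whether it can destroy credentials."""
    if req.ctaphid_cmd != CTAPHID_CBOR or not req.payload:
        return "not a CTAP2 CBOR request", False
    cmd = req.payload[0]
    return CTAP2_COMMANDS.get(cmd, f"unknown(0x{cmd:02x})"), cmd in DESTRUCTIVE

def build_report(cid: int, cmd: int, payload: bytes) -> bytes:
    """Constructed test helper: pack a single-packet CTAPHID request into a 64-byte report."""
    head = cid.to_bytes(4, "big") + bytes([cmd]) + len(payload).to_bytes(2, "big")
    return (head + payload).ljust(HID_REPORT_SIZE, b"\x00")
```

A host-side monitor built this way cannot tell an attacker's reset from a legitimate one (nothing in the frame identifies the client), but it can at least log and alert on every credential-destructive command that reaches the authenticator.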
We also release a toolkit implementing the attacks. It can be used for CTAP security testing, as it includes a virtual CTAP testbed for testing an authenticator without compromising real credentials, and several malicious clients for testing various attack scenarios.
We successfully evaluate the CTRAPS attacks on six popular FIDO2 authenticators, including (FIPS-compliant) YubiKeys, Feitian, and Solo, and on ten popular relying parties, such as apple.com, github.com, adobe.com, and facebook.com.
We also release five CTRAPS attack demos.
Moreover, we discovered an implementation-specific vulnerability affecting YubiKeys that allows relying parties to be enumerated without authorization. Yubico promptly acknowledged the issue (see CVE-2024-35311 and YSA-2024-02) and released a new firmware fixing the vulnerability, which ships with the following YubiKey series: 5, Security Key, Bio, FIPS, and CSPN.
We will also present CTRAPS at DEF CON 33.
More CTRAPS resources: