by flixic 1720 days ago
I never thought about this, but yes, I think it can be MITM'ed exactly as you described. The same attack can probably be performed on the web, where Smart ID is also a sign-in method.

I have worked with something similar and this type of phishing is not only possible but much too common.

WebAuthn is really what is good enough. Luckily it's well supported on all important platforms, so there's really no excuse for using anything worse.