by michaelt 468 days ago
Right. The attack is:

1. You intend to log into an (evil) website using your Yubikey U2F token.

2. A popup appears that looks like this: https://developer.chrome.com/docs/capabilities/usb#get_acces... saying the website wants to connect to your Yubikey.

3. You click 'allow' because you do want the website to access your Yubikey. Then you press the button on the Yubikey when the light starts flashing, because that's what you do.

4. Your unphishable credential just got phished.

1 comments

Ah that dialog is very ambiguous. I hope they changed it...