
Security, Spoken
Chrome Lets Hackers Phish Even 'Unphishable' Yubikey Users
Mar 2, 2018
Discover how even the most secure hardware tokens, like Yubikeys, are vulnerable to phishing attacks. Researchers unveil a technique exploiting a critical flaw in Google Chrome, allowing hackers to bypass robust protection. The conversation highlights the complexity of these attacks and the importance of staying vigilant in online security, especially for high-value targets. Prepare for eye-opening insights into the evolving landscape of cyber threats.
AI Snips
YubiKey Neo Vulnerability Revealed
- YubiKey Neo users are vulnerable to phishing due to a Chrome WebUSB feature bypassing usual security checks.
- This undermines the "unphishable" claim and highlights risks from new browser capabilities.
WebUSB Enables New Phishing Attack
- The attack abuses WebUSB to communicate with YubiKey Neo via a non-standard route, bypassing browser verification.
- This flaw enables a man-in-the-middle attack in which sophisticated phishing sites trick users into enabling WebUSB access.
Disable WebUSB to Prevent Exploits
- Disable Chrome's WebUSB feature to protect your YubiKey and other devices from potential web attacks.
- IT administrators should consider blocking WebUSB to safeguard all employees against such vulnerabilities.
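For administrators who block WebUSB through Chrome enterprise policy, a check like the following confirms that a managed policy file actually closes it off. This is an added example, not from the episode; it assumes Chrome's `DefaultWebUsbGuardSetting`, `WebUsbAskForUrls` and `WebUsbAllowDevicesForUrls` policies, and the sample policies and `intranet.example` URL are constructed.

```python
import json

# Chrome policy value: 2 = no site may request USB devices, 3 = sites may ask the user.
BLOCK = 2

def audit_webusb(policy):
    """Return findings for a parsed Chrome policy dict; an empty list means
    WebUSB is blocked for every site with no per-URL exceptions."""
    findings = []
    guard = policy.get("DefaultWebUsbGuardSetting")
    if guard is None:
        findings.append("DefaultWebUsbGuardSetting unset: sites can prompt for USB access")
    elif guard != BLOCK:
        findings.append(f"DefaultWebUsbGuardSetting={guard}: sites can prompt for USB access")
    # Per-URL exceptions reopen WebUSB even when the default is 'block'.
    for url in policy.get("WebUsbAskForUrls", []):
        findings.append(f"WebUsbAskForUrls exception: {url}")
    for entry in policy.get("WebUsbAllowDevicesForUrls", []):
        for url in entry.get("urls", []):
            findings.append(f"WebUsbAllowDevicesForUrls grants devices to: {url}")
    return findings

# Constructed sample policies (not taken from any real deployment).
WEAK = json.loads("""{
  "DefaultWebUsbGuardSetting": 3
}""")
BLOCKED_WITH_HOLE = json.loads("""{
  "DefaultWebUsbGuardSetting": 2,
  "WebUsbAskForUrls": ["https://intranet.example"]
}""")
HARDENED = json.loads("""{
  "DefaultWebUsbGuardSetting": 2
}""")

if __name__ == "__main__":
    for name, pol in [("weak", WEAK), ("hole", BLOCKED_WITH_HOLE), ("hardened", HARDENED)]:
        result = audit_webusb(pol)
        print(name, "OK" if not result else result)
```

On managed Linux machines Chrome reads such JSON from `/etc/opt/chrome/policies/managed/`; the applied values can be confirmed at `chrome://policy`.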
