> NFC tokens have basically no security against a close range attacker. How much this matters depends on the threat model.
No, the CTAP standard (what FIDO is using for communication with NFC tokens) provides pretty good resistance against this threat. There's actually a Diffie-Hellman key exchange between the computer (platform) and authenticator (token). The only way it could really be better is if it did challenge-response for your PIN authentication, but as it is if you eavesdrop a CTAP NFC exchange you do not get the user's PIN, or the ability to generate/use a credential later.
In order to attack a CTAP token over NFC you need to man-in-the-middle it.
In order to attack a CTAP token, I can tap it against an ordinary phone or a Proxmark or any PN532 device attached to a computer with some fairly straightforward software. There isn’t any authentication! It could be ECDH or SnakeOil-102400-super unbreakable for all an attacker cares: the attacker can just speak the protocol as specified.
edit: Okay, I found the pinToken mechanism in the spec. It is, to put it politely, not a PAKE. It has a trivial DoS attack by design allowing anyone nearby to destroy an authenticator. It looks vulnerable to an attack in which someone taps a malicious token against a phone or other reader, triggering the phone to try to authenticate, and thus captures the PIN, hashed but not even salted.
Oh, and I’ve personally never been prompted to set a PIN, and the UX looks miserable.
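The getPinToken exchange both commenters are arguing about, as an added example that is not from this thread or from any FIDO implementation: a toy platform and authenticator in Go's standard library, following CTAP2 PIN protocol 1 (ECDH on P-256, session key = SHA-256 of the x-coordinate, PIN hash = LEFT(SHA-256(PIN),16), AES-256-CBC with a zero IV). Assumed for brevity: a 16-byte pinToken, so each CBC operation is a single block; the retry counter (8 misses, then blocked) is the mechanism behind the "destroy an authenticator" remark above.

```go
package main
import (
	"crypto/aes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Authenticator models the token: stored LEFT(SHA-256(PIN),16), retry counter, session pinToken, key-agreement key.
type Authenticator struct{ pinHash, pinToken []byte; retries int; key *ecdh.PrivateKey }
func NewAuthenticator(pin string) *Authenticator {
	h := sha256.Sum256([]byte(pin))
	key, _ := ecdh.P256().GenerateKey(rand.Reader)
	tok := make([]byte, 16); rand.Read(tok) // pinToken is regenerated each power-up
	return &Authenticator{pinHash: h[:16], pinToken: tok, retries: 8, key: key}
}
// sharedSecret is the PIN protocol 1 session key: SHA-256 of the ECDH x-coordinate.
func sharedSecret(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) [32]byte {
	x, _ := priv.ECDH(peer)
	return sha256.Sum256(x)
}
// aesBlock is the spec's AES-256-CBC with zero IV, applied here to a single 16-byte block (assumed sizes).
func aesBlock(key [32]byte, in []byte, enc bool) []byte {
	b, _ := aes.NewCipher(key[:])
	out := make([]byte, aes.BlockSize)
	if enc { b.Encrypt(out, in) } else { b.Decrypt(out, in) }
	return out
}
// GetPinToken: decrypt the PIN hash, compare in constant time, burn a retry on a miss, refuse all once at zero.
func (a *Authenticator) GetPinToken(pub *ecdh.PublicKey, pinHashEnc []byte) ([]byte, error) {
	if a.retries == 0 { return nil, errors.New("PIN blocked: authenticator must be reset") }
	ss := sharedSecret(a.key, pub)
	if !hmac.Equal(aesBlock(ss, pinHashEnc, false), a.pinHash) {
		a.retries--
		return nil, errors.New("PIN invalid")
	}
	a.retries = 8
	return aesBlock(ss, a.pinToken, true), nil
}
// PlatformGetPinToken: fresh ECDH key, send the encrypted LEFT(SHA-256(PIN),16), decrypt the returned token.
func PlatformGetPinToken(a *Authenticator, pin string) ([]byte, error) {
	priv, _ := ecdh.P256().GenerateKey(rand.Reader)
	ss := sharedSecret(priv, a.key.PublicKey())
	h := sha256.Sum256([]byte(pin))
	tokEnc, err := a.GetPinToken(priv.PublicKey(), aesBlock(ss, h[:16], true))
	if err != nil { return nil, err }
	return aesBlock(ss, tokEnc, false), nil
}
```

What crosses the NFC link is two public keys and two ciphertexts, which is why a passive listener gets neither the PIN hash nor the pinToken; the retry counter, on the other hand, is spent by anyone who can send the command at all.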
That's why you either use authenticators as a second factor only (i.e. you require a password entry first), or you require user verification (which is usually a PIN entry verified by the authenticator). Both solve this problem.