
Hackers Deploy Dedicated Phishlet for FIDO Authentication Downgrade Attacks


Proofpoint researchers have uncovered a novel technique allowing threat actors to bypass FIDO-based authentication through downgrade attacks, leveraging a custom phishlet within adversary-in-the-middle (AiTM) frameworks.

This method exploits gaps in browser compatibility and user-agent handling to force victims to fall back to less secure multi-factor authentication (MFA) methods, which in turn enables credential theft and session hijacking.

FIDO standards, promoted by the FIDO Alliance, are regarded as phishing-resistant because they replace traditional passwords with hardware keys unlocked by biometrics or PINs. This downgrade vector shows that even such robust systems can be undermined by social engineering combined with protocol manipulation.
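The pattern described above, a user who normally signs in with a FIDO key suddenly completing authentication with a weaker MFA method from an unfamiliar browser, is something a defender can hunt for in sign-in telemetry. The following is an added example, not code from the article or from Proofpoint: it runs a simple downgrade detector over constructed newline-delimited JSON sign-in events. The log field names, the sample events and the ranking of MFA methods by phishing resistance in METHOD_STRENGTH are all assumptions made for this demonstration.

```python
"""Flag MFA-method downgrades in sign-in telemetry (constructed example)."""
import json
from collections import defaultdict

# Assumed ordering of MFA methods by phishing resistance, strongest first.
METHOD_STRENGTH = {
    "fido2": 3,   # hardware-bound, origin-bound assertion
    "push": 2,    # app push approval, relayable through an AiTM proxy
    "totp": 1,    # time-based OTP, relayable
    "sms": 0,     # SMS OTP, relayable and SIM-swappable
}

# Constructed sample log: alice normally uses a FIDO key from one browser;
# a FIDO attempt from a new browser fails, then a TOTP sign-in succeeds there.
SAMPLE_LOG = """
{"ts":"2025-08-01T09:00:00Z","user":"alice","method":"fido2","result":"success","ua":"Mozilla/5.0 (Windows NT 10.0) Chrome/126","ip":"203.0.113.10"}
{"ts":"2025-08-02T09:05:00Z","user":"alice","method":"fido2","result":"success","ua":"Mozilla/5.0 (Windows NT 10.0) Chrome/126","ip":"203.0.113.10"}
{"ts":"2025-08-03T11:42:00Z","user":"alice","method":"fido2","result":"failure","ua":"Mozilla/5.0 (X11; Linux) Safari/17","ip":"198.51.100.7"}
{"ts":"2025-08-03T11:43:00Z","user":"alice","method":"totp","result":"success","ua":"Mozilla/5.0 (X11; Linux) Safari/17","ip":"198.51.100.7"}
{"ts":"2025-08-03T12:00:00Z","user":"bob","method":"totp","result":"success","ua":"Mozilla/5.0 (Macintosh) Chrome/126","ip":"192.0.2.44"}
"""


def parse_events(text):
    """Parse newline-delimited JSON sign-in events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_downgrades(events):
    """Return one alert per successful sign-in whose MFA method is weaker
    than the strongest method the same user has previously succeeded with.

    Events are processed in order, so the per-user baseline (strongest
    method, browsers seen) only contains what was observed before each event.
    Each alert also records whether the browser was new for that user and
    whether the immediately preceding event was a failed FIDO attempt from
    the same IP, the sequence a proxied FIDO login tends to produce.
    """
    strongest = {}              # user -> best METHOD_STRENGTH seen on success
    seen_ua = defaultdict(set)  # user -> user agents seen on success
    last_event = {}             # user -> previous event for that user
    alerts = []
    for ev in events:
        user, method, ua = ev["user"], ev["method"], ev["ua"]
        strength = METHOD_STRENGTH.get(method, -1)
        if ev["result"] == "success":
            best = strongest.get(user)
            if best is not None and strength < best:
                prev = last_event.get(user)
                alerts.append({
                    "user": user,
                    "ts": ev["ts"],
                    "method": method,
                    "baseline_strength": best,
                    "new_user_agent": ua not in seen_ua[user],
                    "prior_fido_failure": bool(
                        prev
                        and prev["method"] == "fido2"
                        and prev["result"] == "failure"
                        and prev["ip"] == ev["ip"]
                    ),
                    "ip": ev["ip"],
                })
            strongest[user] = max(strongest.get(user, -1), strength)
            seen_ua[user].add(ua)
        last_event[user] = ev
    return alerts


if __name__ == "__main__":
    for alert in find_downgrades(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

On the sample data only alice's TOTP sign-in is flagged: bob has never used anything stronger than TOTP, so a TOTP login is his normal baseline rather than a downgrade. In production the baseline would come from a longer history than a handful of events, and the alert would be a trigger for session revocation and a conversation with the user, not a verdict on its own.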

Figure: Error shown when using a standard phishlet for a user with FIDO authentication.

Phishing-Resistant Authentication

The attack hinges on the creation of a dedicated phishlet for tools like Evilginx, a popular AiTM framework.

In execution, attackers initiate the phishing chain by delivering a malicious link via email, SMS, or OAuth consent prompts, directing victims to ...


Copyright of this story solely belongs to gbhackers.