Black Hat and DEF CON are, as always, conventions that set the tone for the security savvy for the next year; new findings are released with varying degrees of showmanship, a substantial portion of the hacker community comes back together to see each other, and inevitably the convention site’s computer systems get poked and prodded. I’d like to talk to you about what I walked away with from both conferences from an identity practitioner’s perspective; I fully recognize before I start in here that I may be wrong or misinformed, and I am happy to discuss any of what I say here with any of you; whether it be in the IDPro Slack, or in any other forum.
Problematic Passkey Parley
There were also several discussions at both conferences about FIDO2. I am sure this section will probably be the most divisive of my discussion, but I will do my best to navigate the issues presented at the conferences. Namely, some strong accusations have been made around the security of passkeys and of hardware authenticators, and I feel like we should unpack them.
Phishing Synchronized Passkeys
Two of the talks focused on passkeys specifically. Chad Spensky, Ph. D., discussed a potential avenue for phishing synchronized passkeys in his talk “Your Passkey is Weak: Phishing the Unphishable” (slides available at https://yourpasskeyisweak.com/). Specifically, if an attacker can perform a successful phishing attack to access the service acting as the synchronization fabric for the passkeys (e.g. Google Password Manager) then they have access to everything they need to replicate the passkey. This is obviously problematic, as an attacker who gains the metaphorical keys to the kingdom in this way can then access anything that relies on these passkeys. A second talk, titled “Passkeys Pwned: Turning WebAuthn Against Itself ” by Shourya Pratap Singh, Jonny Lin, and Daniel Seetoh explores a similar path (slides available at https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Shourya%20Pratap%20Singh%20Jonny%20Lin%20Daniel%20Seetoh%20-%20Passkeys%20Pwned%20Turning%20WebAuthn%20Against%20Itself.pdf). The team discusses additional avenues for phishing, such as through a malicious browser extension. The results, unsurprisingly, are the same as Dr. Spensky’s – the user’s passkeys are compromised through what was an assumed-trusted path, and all is lost.
Browser Security and User Manipulation
These two talks, taken in totality, should tell us nothing particularly new as practitioners of identity. If we drink the Kool-Aid and accept the statement that “identity is the new perimeter”, then we might also consider that the browser is the new doorway. As an information-focused society, some among us rely more on our browser software being secure than we do our houses being secure. While phishing is increasingly the easiest way with which an attacker may access a system, if these are accepted as “vulnerabilities” then we too must accept the successful hijacking of an access token generated through an OIDC flow as a vulnerability. While they are both vulnerabilities, what are the actual issues? The actual issues at play here are browser security, and user manipulation. The point here is that a given protocol, program, or defined process has a specific scope – every link in the chain needs to be secure.
Limits of Synchronized Passkeys
Further, the security model of synchronized passkeys predicates that they should not be used by individuals who are attempting to maximize security. Enterprises and individuals potentially targeted by nation states should carefully consider the usage of synced credentials when determining the blast radius of a given system’s compromise. An enterprise or particularly concerned enterprise should seek to conform to more stringent qualifications (such as NIST 800-63’s Authenticator Assurance Level 3) and perhaps consider device-bound passkeys when deciding authentication strategies. Additionally, organizations permitting account recovery or account modifications should do real auditing on their workflows to ensure that real users have the edge over attackers when adding new passkey credentials to an account, or when seeing a passkey login behave strangely. There is a lot more that could be said here around the security of related systems and passkeys, and I will leave that to those of you who wish to passionately discuss those points in these newsletters.
API Confusion in FIDO2
There was, notably, a third talk brought forward by Marco Casagrande and Daniele Antonioli discussing API confusion issues within FIDO2 (paper can be found at https://arxiv.org/pdf/2412.02349). Specifically, they focused on issues in the CTAP protocol – issues that exist regardless of the method that CTAP moves over (such as NFC or Bluetooth) and impact both CTAP1 (what we used to call U2F) as well as CTAP2. Some of the notable issues brought forward through their research are the ability to force lockouts of hardware tokens, force factory reset of these tokens, fill credential storage for these tokens, and profile the underlying authenticator (to potentially compromise the token, or to track the user).
The Hardware Token Catch
While this class of attack is not as flashy as the phishing demos given by the two teams above, it does demonstrate a very real need for physical security for hardware keys! These attacks are potentially brutal, but they require proximity. Given the effective range of these attacks can be measured in feet, an attacker (or accomplice) either needs to be targeting the holder of the security key specifically or needs to construct a device to passively brick hardware tokens. An interesting note is that in Dr. Spensky’s talk a mitigation route that was presented was to use hardware tokens – it turns out that even the best laid plans of security researchers often go awry.
Identity Practitioners and AI
If you were still sleeping on LLMs, Generative Image Models, and other generative models, you have overslept. Identity practitioners of all stripes should now be taking time to understand and experiment with the tools available to them in this space – as well as the extremely complex security and privacy concerns that come from them. There were many talks focused on this intersection of security and AI from multiple perspectives, and I feel like we should unpack some of them.
Apple Intelligence and On/Off-Device Risks
One such talk was Yoav Magid’s talk on Apple Intelligence (article available at https://www.lumia.security/blog/applestorm), a complex dance of on-device model usage versus off-device data transport occurs depending on what is requested. These requests, while seemingly inoffensive, can transfer sensitive data to servers not under your organization’s control with no means to know when and where this will occur. The adoption of Agentic AI by consumers will muddy these waters; we as identity practitioners will need to keep in mind the ramifications of telling an AI agent they are allowed to do something on behalf of a user.
Enterprise AI Exploitation and Guardrail Weaknesses
In another talk called “AI Enterprise Compromise – 0click Exploit Methods”, Michael Bargury and Tamir Ishay Sharbat drove home some pretty powerful and concerning points around the new frontier of abusing enterprise-oriented AI (articles around this available at https://labs.zenity.io/p/hsc25). Some particularly salient concepts from their talk are that LLMs as designed “are doomed to complete”- that is to say that they cannot dissent to a properly crafted request, and guardrails are simply soft boundaries that can be worked around through careful prompt design. A more nuanced, careful approach needs to be taken to clearly define what agentic AI can or cannot get to.
AI as an Offensive Security Tool
The final theme of the two conferences was the synthesis of AI into not only adjacent tasks, but society. Brendan Dolan-Gavitt presented a very compelling talk (“AI Agents for Offsec with Zero False Positives”, you can see an unfortunately light on details article at https://www.darkreading.com/vulnerabilities-threats/ai-based-pen-tester-top-bug-hunter-hackerone) around how to ask LLMs to work as an attacker – moving against an established system to red team on your behalf. The results speak for themselves, with over 174 vulnerabilities reported (22 CVEs issued at time of talk, with the rest pending). This sort of embrace of AI as co-conspirator is not necessarily revolutionary, but it is iteratively necessary.
Thinking Like a Hacker in the Age of AI
A second talk, perhaps much further ahead than Dolan-Gavitt’s in terms of the impact of AI but less technical, was the talk given by Richard “neuralcowboy” Thieme titled “Thinking Like a Hacker in the Age of AI”. Thieme, through his 45 minutes, discussed how technology and the means by which we pursue mastery have evolved rapidly. To quote him, “Many of the current disciplines, now named, did not exist only 10 or 20 years ago. And experts in them cannot keep up with all the materials published in their own areas of expertise”.
Community and Shared Burden
I, as a humble systems integrator at an identity vendor, especially feel this sting – new advancements in the field seem to occur daily, and there is a fatigue that is generated by attempting to keep up by myself. How comforting it is, then, to have a space such as IDPro from which I can have some of that cognitive burden of continual pursuit lifted – not because I or any one of our practitioners are somehow less motivated – but precisely because everyone is so motivated. By knowing the value and depth the organization provides, we make each other better.
As our industry further synthesizes with generative models and a whole host of new disciplines arise from it, we as practitioners will need to be mentally flexible. We will need to be continually curious. We must keep shifting the context in which we engage with technology, such that it is with passion and intent. We must keep shifting context such that we are no longer mere operators in these systems. We must keep shifting context such that we become and remain creators and active participants in these systems. As technologists and humans, we cannot afford to do otherwise.
Disclaimer: The views expressed in the content are solely those of the author and do not necessarily reflect the views of the IDPro organization.
Author
Rusty Deaton has been in Identity and Access Management for over a decade. He began in technology as a technical support engineer for a Broker-Dealer and has since worked across many industries, carrying forward a passion for doing right by people. When not solving problems, he loves to tinker with electronics and read. He currently works as Federal Principal Architect for Radiant Logic.
