PoisonSeed Hack Bypasses FIDO Keys With QR Code Trick

A newly identified phishing campaign by the PoisonSeed group enables attackers to bypass Fast IDentity Online (FIDO) key protections by manipulating cross-device sign-in features. The PoisonSeed hack bypasses FIDO by tricking users into scanning malicious QR codes with their mobile multifactor authentication (MFA) applications, allowing adversaries to intercept login credentials and complete authentication flows without physical access to a FIDO key.

The attack begins when targets receive phishing emails redirecting them to fraudulent login portals mimicking services like Okta. Once victims enter their credentials, attackers relay the data to legitimate portals and initiate cross-device sign-in requests. The PoisonSeed hack bypasses FIDO protections by capturing and redisplaying QR codes, which users unknowingly scan, finalizing the login process.

Security teams are urged to monitor authentication logs, enforce Bluetooth requirements for cross-device sign-ins, and investigate anomalies such as rapid FIDO key registrations or logins from unusual locations.
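The two anomalies named above can be checked with a short pass over authentication events. The following is an added example, not code from the report: the JSON field names, the per-user country baseline, the 10-minute window and the one-registration threshold are all assumptions to adapt to your identity provider's log schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not any vendor's schema.
SAMPLE_LOG = """\
{"ts":"2025-07-20T09:00:05Z","user":"alice","event":"login","method":"fido_cross_device","country":"US"}
{"ts":"2025-07-20T09:14:40Z","user":"bob","event":"login","method":"fido_cross_device","country":"RO"}
{"ts":"2025-07-20T09:15:10Z","user":"bob","event":"fido_key_registered","country":"RO"}
{"ts":"2025-07-20T09:17:55Z","user":"bob","event":"fido_key_registered","country":"RO"}
{"ts":"2025-07-21T11:30:00Z","user":"alice","event":"fido_key_registered","country":"US"}
"""
# Constructed baseline: countries each user normally signs in from.
BASELINE = {"alice": {"US"}, "bob": {"US", "CA"}}

def parse(log_text):
    """Parse JSON-lines events and return them sorted by timestamp."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def detect(events, baseline, window=timedelta(minutes=10), max_regs=1):
    """Flag cross-device logins from unusual countries and rapid key registrations."""
    alerts = []
    regs = defaultdict(list)  # user -> registration times still inside the window
    for e in events:
        user = e["user"]
        if e["event"] == "login" and e.get("method") == "fido_cross_device":
            if e["country"] not in baseline.get(user, set()):
                alerts.append(("unusual_location_cross_device", user, e["ts"]))
        elif e["event"] == "fido_key_registered":
            recent = [t for t in regs[user] if e["ts"] - t <= window]
            recent.append(e["ts"])
            regs[user] = recent
            if len(recent) > max_regs:
                alerts.append(("rapid_fido_registration", user, e["ts"]))
    return alerts

if __name__ == "__main__":
    for kind, user, ts in detect(parse(SAMPLE_LOG), BASELINE):
        print(ts.isoformat(), user, kind)
```

A user with no baseline entry is flagged on every cross-device login, which suits new accounts but needs tuning for a first rollout.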

Read the full report at: https://cybersecuritynews.com/poisonseed-attack/
