QR Code Phishing Bypasses FIDO Keys in New Attack
A new phishing campaign is exploiting QR codes to sidestep FIDO security keys, raising concerns about cross-device authentication methods. The method, identified as a man-in-the-middle attack, uses a deceptive login page to intercept sign-in attempts. This approach, in which QR code phishing bypasses traditional authentication layers, targets users who rely on QR-based login flows between devices.
Attackers relay the legitimate login process through a fake website, tricking users into scanning a malicious QR code. Once the code is scanned, the attackers can hijack the session without needing the user’s FIDO key. This technique undermines the added layer of protection that FIDO keys typically offer, especially in cross-device scenarios. The QR code phishing bypasses these safeguards by manipulating trust in the login interface.
The phishing method highlights a growing need for vigilance when using QR codes for authentication. To learn more about this evolving threat, read the full report at the link below.
https://www.scworld.com/news/phishing-attack-abuses-qr-codes-to-bypass-fido-keys
