Blog

Hardware Partner: Feitian

FEITIAN Technologies is one of the leading suppliers of smartcards and security keys. Together with the Hardware Security SDK, their newest hardware can be used to protect industrial systems at scale.

Hardware Partner: SoloKeys

We partnered with SoloKeys to provide full passwordless authentication for industrial systems using FIDO2. But what does this mean for security?

SDK provides WebAuthn for Nextcloud

To provide a passwordless experience on Android, we teamed up with Portknox and Nextcloud’s Android developers and integrated our SDK in Nextcloud’s Android app 3.14.0.

PIN Bypass in Passwordless WebAuthn on microsoft.com and Nextcloud

We were able to bypass the PIN authentication when logging into microsoft.com. This breaks the assumption of requiring two factors and allows an attacker to log into the victim’s account by using only the security key. If the security key supports NFC, the attacker could sneak up on the victim and log in without being noticed.

Version 4 with WebAuthn/FIDO2 Support

Hardware Security SDK version 4.0.0 has been released. It supports the WebAuthn standard, which is part of the FIDO2 set of standards. Finally, we bring passwordless WebAuthn logins to Android working with security keys and smartcards over NFC and USB.

Hardware Security SDK accepted into the 'Works with YubiKey Program'

Yubico has tested our FIDO implementation and accepted the Hardware Security SDK into their “Works with YubiKey Program”. By entering the program, we have joined a list of companies that includes industry leaders such as GitHub, Dropbox, and Twitter.

heise devSec: NFC connection quality for FIDO logins

The quality of the connection depends strongly on how the NFC antenna is integrated in the smartphone. COTECH therefore collects device-dependent data to show the end user the best NFC location.

Nextcloud Two-Factor Authentication

Since version 11, Nextcloud has supported Universal Second Factor (U2F) login within compatible browsers. Finally, Nextcloud’s Android client provides U2F in version 3.8. On Android, there is no U2F API available in a WebView, Android’s in-app browser view, which Nextcloud uses for its login flow. COTECH’s Hardware Security SDK changed that. It hides away the difficulties of communicating with security keys and provides an easy API for developers, so that Nextcloud can bring U2F to its Android users.