Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    ‘Buy Now, Pay Later’ Booms as Economic Pressures Mount

    June 4, 2025

    The Washington Post is planning to let amateur writers submit columns — with the help of AI

    June 4, 2025

    The US Grid Attack Looming on the Horizon

    June 4, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » YubiKeys Are a Security Gold Standard—but They Can Be Cloned
    Security

    YubiKeys Are a Security Gold Standard—but They Can Be Cloned

    News RoomBy News RoomSeptember 7, 20244 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-sized device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday.

    The cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

    Patching Not Possible

    YubiKey maker Yubico issued an advisory in coordination with a detailed disclosure report from NinjaLab, the security firm that reverse engineered the YubiKey 5 series and devised the cloning attack. All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable. Updating key firmware on the YubiKey isn’t possible. That leaves all affected YubiKeys permanently vulnerable.

    “An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys,” the advisory confirmed. “The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM; knowledge of the accounts they want to target; and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge, including username, PIN, account password, or authentication key.”

    Side channels are the result of clues left in physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task that leaks cryptographic secrets. In this case, the side channel is the amount of time taken during a mathematical calculation known as a modular inversion. The Infineon cryptolibrary failed to implement a common side-channel defense known as constant time as it performs modular inversion operations involving the Elliptic Curve Digital Signature Algorithm. Constant time ensures the time-sensitive cryptographic operations execute is uniform rather than variable depending on the specific keys.

    More precisely, the side channel is located in the Infineon implementation of the Extended Euclidean Algorithm, a method for, among other things, computing the modular inverse. By using an oscilloscope to measure the electromagnetic radiation while the token is authenticating itself, the researchers can detect tiny execution time differences that reveal a token’s ephemeral ECDSA key, also known as a nonce. Further analysis allows the researchers to extract the secret ECDSA key that underpins the entire security of the token.

    In Tuesday’s report, NinjaLab cofounder Thomas Roche wrote:

    In the present work, NinjaLab unveils a new side-channel vulnerability in the ECDSA implementation of Infineon 9 on any security microcontroller family of the manufacturer. This vulnerability lies in the ECDSA ephemeral key (or nonce) modular inversion, and, more precisely, in the Infineon implementation of the Extended Euclidean Algorithm (EEA for short). To our knowledge, this is the first time an implementation of the EEA is shown to be vulnerable to side-channel analysis (contrarily to the EEA binary version). The exploitation of this vulnerability is demonstrated through realistic experiments and we show that an adversary only needs to have access to the device for a few minutes. The offline phase took us about 24 hours; with more engineering work in the attack development, it would take less than one hour.

    After a long phase of understanding Infineon implementation through side-channel analysis on a Feitian 10 open JavaCard smartcard, the attack is tested on a YubiKey 5Ci, a FIDO hardware token from Yubico. All YubiKey 5 Series (before the firmware update 5.7 11 of May 6th, 2024) are affected by the attack. In fact all products relying on the ECDSA of Infineon cryptographic library running on an Infineon security microcontroller are affected by the attack. We estimate that the vulnerability exists for more than 14 years in Infineon top secure chips. These chips and the vulnerable part of the cryptographic library went through about 80 CC certification evaluations of level AVA VAN 4 (for TPMs) or AVA VAN 5 (for the others) from 2010 to 2024 (and a bit less than 30 certificate maintenances).

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleSki Resorts Are Stockpiling Snow to Get Through Warm Winters
    Next Article It’s time for the regular iPhone to shine

    Related Posts

    The US Grid Attack Looming on the Horizon

    June 4, 2025

    A Swedish MMA Tournament Spotlights the Trump Administration’s Handling of Far-Right Terrorism

    June 4, 2025

    Deepfake Scams Are Distorting Reality Itself

    June 4, 2025

    Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin

    June 4, 2025

    The Texting Network for the End of the World

    June 4, 2025

    Why 3D-Printing an Untraceable Ghost Gun Is Easier Than Ever

    June 3, 2025
    Our Picks

    The Washington Post is planning to let amateur writers submit columns — with the help of AI

    June 4, 2025

    The US Grid Attack Looming on the Horizon

    June 4, 2025

    How the Loudest Voices in AI Went From ‘Regulate Us’ to ‘Unleash Us’

    June 4, 2025

    Anker’s newest power station is a good mix of power and portability

    June 4, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Security

    A Swedish MMA Tournament Spotlights the Trump Administration’s Handling of Far-Right Terrorism

    By News RoomJune 4, 2025

    The 2024 Swedish tournament mirrors similar extreme right-wing martial arts tournaments hosted elsewhere in Europe…

    Aventon’s Affordable Level 3 Is a Great Starter Electric Bike

    June 4, 2025

    What I learned when I helped my mother move: some personal insights

    June 4, 2025

    Deepfake Scams Are Distorting Reality Itself

    June 4, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.