In context: The YubiKey is a hardware security key that simplifies two-factor authentication. Instead of receiving codes via text or an app, users simply tap the YubiKey when logging into accounts, apps, or services that require 2FA. This adds an extra layer of security beyond just a password. However, as researchers have now demonstrated, the device is not infallible.

Researchers have uncovered a cryptographic flaw in the widely adopted YubiKey 5 series. The flaw, a side-channel vulnerability, makes the device susceptible to cloning if an attacker gains temporary physical access.

The vulnerability was initially discovered by cybersecurity firm NinjaLab, which reverse-engineered the YubiKey 5 series and devised a cloning attack. They found that all YubiKey models running firmware versions prior to 5.7 are susceptible.

The issue stems from a microcontroller made by Infineon, known as the SLB96xx series TPM. Specifically, the Infineon cryptographic library fails to implement a crucial side-channel defense known as "constant time" during certain mathematical operations. This oversight allows attackers to detect subtle variations in execution times, potentially revealing the device's secret cryptographic keys. Even more concerning is that this particular chip is used in numerous other authentication devices, such as smartcards.
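An added illustration (not from the article, NinjaLab or Yubico) of what a missing "constant time" defence looks like in a mathematical operation: a toy modular exponentiation whose multiplication count, standing in for execution time, depends on the bits of the secret exponent, beside a Montgomery-ladder version whose count depends only on the bit length. The modulus, base and exponents are constructed for the demo and are not real key material.

```python
# Constructed values for illustration only; MODULUS is a small prime, not a key.
MODULUS = 1_000_003


def naive_modexp(base, exponent, modulus):
    """Square-and-multiply. Returns (result, multiplications).

    The branch on each exponent bit does one extra multiplication for every
    1 bit, so the count (a stand-in for time) leaks the exponent's Hamming weight.
    """
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = result * result % modulus
        ops += 1
        if bit == "1":  # secret-dependent branch: extra work only for 1 bits
            result = result * base % modulus
            ops += 1
    return result, ops


def ladder_modexp(base, exponent, modulus, bit_length):
    """Montgomery ladder over a fixed bit length. Returns (result, multiplications).

    Every iteration does exactly one multiply and one square, and the operand
    choice is made with an arithmetic mask instead of a branch, so the work
    is the same for every exponent of the given bit length.
    """
    r0, r1, ops = 1, base % modulus, 0
    for i in range(bit_length - 1, -1, -1):
        bit = (exponent >> i) & 1
        mask = -bit                      # 0 when bit == 0, all ones when bit == 1
        swap = (r0 ^ r1) & mask          # branch-free conditional swap
        r0, r1 = r0 ^ swap, r1 ^ swap
        r1 = r0 * r1 % modulus
        r0 = r0 * r0 % modulus
        swap = (r0 ^ r1) & mask
        r0, r1 = r0 ^ swap, r1 ^ swap
        ops += 2
    return r0, ops


def leak_profile(exponents, bit_length):
    """Set of operation counts each implementation shows across several secrets.

    A set with more than one member means the count varies with the secret,
    i.e. an observer timing the device could distinguish the exponents.
    """
    naive_counts = {naive_modexp(7, e, MODULUS)[1] for e in exponents}
    ladder_counts = {ladder_modexp(7, e, MODULUS, bit_length)[1] for e in exponents}
    return naive_counts, ladder_counts
```

Running `leak_profile([8, 11, 15], 4)` gives three distinct counts for the naive version and a single count for the ladder, which is the property the fixed library has to provide for every secret-dependent operation.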

It's not all doom and gloom, however. Yubico, the company behind YubiKeys, has already released a firmware update (version 5.7) that replaces the vulnerable Infineon cryptographic library with a custom implementation. The downside is that existing YubiKey 5 devices can't be updated with this new firmware, leaving all affected keys permanently vulnerable.

That said, existing YubiKey owners don't need to discard their devices. The attack in question requires significant resources – around $11,000 worth of specialized equipment – and advanced expertise in electrical and cryptographic engineering. It also necessitates knowledge of the targeted accounts and potentially sensitive information such as usernames, PINs, account passwords, or authentication keys.

"The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack," the company noted in its security advisory.

Fair to say, it's not something most cybercriminals can pull off. Targeted attacks by nation-states or well-funded groups are still a possibility, though extremely slim.

Yubico recommends that owners of affected keys continue using them, as they're still safer than relying solely on passwords. However, it's advisable to monitor for any suspicious authentication activity that could indicate a cloned device.

Image credit: Andy Kennedy

Several years ago I did an REU (research experience for undergraduates) for a summer at UConn, and the focus of our research was the vulnerabilities of a variety of different algorithms just from side-channel attacks, primarily timing, like the one discussed here. It's interesting how much information can be revealed by just monitoring the time it takes for certain operations to complete. I can confirm that exploiting side channels is quite a tricky affair. Even if you know the source code it can be difficult to pull off (it certainly was during the research, though I was fairly inexperienced). That doesn't mean you're in the clear, though; these days many of the commonly used algorithms and hardware have well-known side-channel vulnerabilities (were they not mitigated). The downside of mitigation, of course, is a bit less performance (since you basically have to pad the algorithm to keep the time constant), though that typically isn't an issue since you aren't, for example, trying to maximize frame rate or generated keys per second or what have you.

There are some algorithms that are not cryptographic in nature and are performance critical that do need to be mitigated, primarily if you are doing something sensitive (or just proprietary) and it is running in a shared environment (like the cloud, which is presumably untrusted (better safe than sorry)). That's where most of my research was focused. At the time I didn't think side channels were that big of a deal, but having that awareness just means that when articles come out (as they do quite frequently) showing how side channels can be used to do something unintended, it just underscores how prevalent the research has become and how important it is to think beyond just the theoretical operation of software, but to think about like a machine (that's what it's running on) where an observer can see its operations, even if that observer cannot see the data directly, and how that can reveal secrets that would otherwise be secure.
 
Funny, saw this on FB, they marked this techreport piece as false -- YubiKey must be Meta sponsor