Techly NewsGet the app

Get the latest tech news

YubiKeys Are a Security Gold Standard—but They Can Be Cloned


Security researchers have discovered a cryptographic flaw that leaves the YubiKey 5 vulnerable to attack.

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-sized device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. The Infineon cryptolibrary failed to implement a common side-channel defense known as constant time as it performs modular inversion operations involving the Elliptic Curve Digital Signature Algorithm.

Get the Android app

Or read this on Wired

Read more on:

Photo of YubiKeys

YubiKeys

Related news:

News photo

YubiKeys have an unfixable security flaw — but it’s difficult to exploit

News photo

YubiKeys Are Vulnerable To Cloning Attacks Thanks To Newly Discovered Side Channel

News photo

Yubikeys are vulnerable to cloning attacks thanks to side channel

« Osom is shutting down on Friday, as it had ‘no customers for a mobile phone’
When to Expect the iPhone SE 4 to Launch »