YubiKeys are vulnerable to cloning attacks thanks to side channel
Sophisticated attack breaks security assurances of the most popular FIDO key.
The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a small microcontroller that’s used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. The Infineon cryptolibrary failed to implement a common side-channel defense known as constant time as it performs modular inversion operations involving the Elliptic Curve Digital Signature Algorithm.
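What the missing "constant time" defense means for modular inversion, as an added C illustration (not code from the article, Infineon or Yubico): an extended-Euclid inverse whose loop count depends on the value being inverted, beside a Fermat-exponentiation inverse whose loop count is fixed. The toy 31-bit prime, the function names and the step counters are assumptions for illustration, and the article does not say which inversion algorithm the library uses.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy modulus (assumption, far smaller than a real curve order): 2^31 - 1. */
#define P 2147483647ULL

/* Variable-time: extended Euclid. The number of loop iterations depends on
 * the (secret) value a, which is what a timing or EM side channel observes.
 * a must be non-zero mod P. */
uint64_t inv_euclid(uint64_t a, unsigned *steps) {
    int64_t t = 0, new_t = 1, r = (int64_t)P, new_r = (int64_t)(a % P);
    *steps = 0;
    while (new_r != 0) {
        int64_t q = r / new_r, tmp;
        tmp = t - q * new_t; t = new_t; new_t = tmp;
        tmp = r - q * new_r; r = new_r; new_r = tmp;
        (*steps)++;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)P : t);
}

/* Fixed control flow: Fermat inverse a^(P-2) mod P. The exponent is public,
 * the loop always runs 31 times, and the multiply result is selected with a
 * mask instead of a branch. Caveat: the `%` operator may still be
 * variable-time on some CPUs; production code uses constant-time reduction. */
uint64_t inv_fermat(uint64_t a, unsigned *steps) {
    uint64_t result = 1, base = a % P, e = P - 2;
    *steps = 0;
    for (int i = 0; i < 31; i++) {
        uint64_t mul = (result * base) % P;
        uint64_t mask = 0 - ((e >> i) & 1);      /* all ones or all zeros */
        result = (mul & mask) | (result & ~mask);
        base = (base * base) % P;
        (*steps)++;
    }
    return result;
}

int main(void) {
    uint64_t samples[] = {1, 2, 1234567, 2147483646ULL}; /* constructed inputs */
    for (int i = 0; i < 4; i++) {
        unsigned se, sf;
        uint64_t ie = inv_euclid(samples[i], &se);
        uint64_t jf = inv_fermat(samples[i], &sf);
        printf("a=%llu euclid=%llu (%u steps) fermat=%llu (%u steps)\n",
               (unsigned long long)samples[i], (unsigned long long)ie, se,
               (unsigned long long)jf, sf);
    }
    return 0;
}
```

When reviewing a cryptographic library, the property to check is the second one: no loop bound, branch or memory index in the inversion may depend on the secret operand.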