Older YubiKeys Vulnerable to Sophisticated Cloning Attacks - Report
A cryptographic flaw in the YubiKey 5, a popular FIDO-based hardware token, makes it vulnerable to cloning if an attacker gets temporary physical access, researchers revealed Tuesday.
YubiKey is a small hardware device, commonly used for multi-factor authentication (MFA), handling time-based one-time passwords, and signing, encrypting, and decrypting messages.
- The attack requires $11,000 in equipment and advanced electrical and cryptographic knowledge, likely limiting it to nation-states or similar entities in targeted scenarios. The risk of widespread attacks is extremely low.
- YubiKeys with firmware before version 5.7 (released in May with a custom cryptolibrary) are vulnerable. Firmware updates aren't possible, so affected YubiKeys remain permanently at risk.
Yubico issued an advisory alongside NinjaLab's detailed disclosure report. NinjaLab reverse-engineered the YubiKey 5 series and developed the cloning attack.
"An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys. The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key," the advisory confirmed.
- To check your YubiKey's firmware version, use the Yubico Authenticator app.
Affected products:
- YubiKey 5 Series versions prior to 5.7.
- YubiKey 5 FIPS Series prior to 5.7.
- YubiKey 5 CSPN Series prior to 5.7.
- YubiKey Bio Series versions prior to 5.7.2.
- Security Key Series all versions prior to 5.7.
- YubiHSM 2 versions prior to 2.4.0.
- YubiHSM 2 FIPS versions prior to 2.4.0.
Not affected products:
- YubiKey 5 Series version 5.7.0 and newer.
- YubiKey 5 FIPS Series 5.7 and newer (FIPS submission in process).
- YubiKey Bio Series versions 5.7.2 and newer.
- Security Key Series versions 5.7.0 and newer.
- YubiHSM 2 versions 2.4.0 and newer.
- YubiHSM 2 FIPS versions 2.4.0 and newer.
- The cryptographic flaw, a side-channel, exists in a microcontroller used in many authentication devices like smartcards, electronic passports, and secure access cards. Researchers confirmed YubiKey 5 models can be cloned but haven't tested other devices with the same microcontroller, such as the Infineon SLE78 and its successors, Optiga Trust M and Optiga TPM. They suspect these devices share the same vulnerability.
A key question that remains unanswered at the moment is what other security devices rely on the three vulnerable Infineon secure modules and use the Infineon cryptolibrary? Infineon has yet to issue an advisory and didn't respond to an email asking for one," writes Ars Technica.
- Back in July, Bitcoin self-custody services firm Casa announced integration with YubiKeys for enhanced security of user Bitcoin vaults. The vulnerability is unlikely to affect the firm's customers, as the service works with newer firmware (v5.7) devices that ship with expanded data storage capabilities.
Ars Technica Article / Archive
Security Advisory
Disclosure Report