YubiKeys Are Vulnerable To Cloning Attacks Thanks To Newly Discovered Side Channel
Tuesday, September 3, 2024, 20:10, by Slashdot
The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday. ArsTechnica: The cryptographic flaw, known as a side channel, resides in a small microcontroller that's used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven't tested other devices using the microcontroller, which is the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.
YubiKey-maker Yubico issued an advisory in coordination with a detailed disclosure report from NinjaLab, the security firm that reverse-engineered the YubiKey 5 series and devised the cloning attack. All YubiKeys running firmware prior to version 5.7 -- which was released in May and replaces the Infineon cryptolibrary with a custom one -- are vulnerable. Updating key firmware on the YubiKey isn't possible. That leaves all affected YubiKeys permanently vulnerable.
https://it.slashdot.org/story/24/09/03/1810216/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-...