Researcher Finds Unfixable But Hard-to-Exploit Flaw in Yubikeys

Some versions of YubiKeys, one of the most widely used two-factor authentication (2FA) hardware tools, are vulnerable to side-channel attacks.

Security expert and NinjaLab co-founder Thomas Roche has identified a cryptographic flaw in YubiKey 5 Series devices that makes them vulnerable to cloning if an attacker gains temporary physical access.

Although it is not possible to eliminate this vulnerability, it is also very difficult to exploit.

Understanding How to Use Yubikeys

YubiKeys are physical USB-based security devices developed by Yubico that add an extra layer of protection when logging into online accounts. They are typically used for 2FA: in addition to a password, a physical device is required to access your accounts.

YubiKeys are considered by many security experts to be one of the most secure hardware options for multi-factor authentication (MFA), especially since they generally support the Fast Identity Online 2 (FIDO2) standard.

FIDO2 authentication, jointly developed by the FIDO Alliance and the World Wide Web Consortium (W3C), is based on public-key cryptography, which is more secure than password-based authentication and more resistant to phishing and other attacks.

A Side Channel Vulnerability That Has Gone Unnoticed for 14 Years

While conducting a side-channel attack, which he dubbed EUCLEAK, Roche found a vulnerability in a cryptographic library used in most YubiKey products that allowed him to clone these devices.

A side-channel attack is an attack that exploits the physical characteristics of a device or system to obtain sensitive information.

The side-channel vulnerability, a cryptographic flaw in a library provided by Infineon Technologies, one of the largest secure element manufacturers, went unnoticed for 14 years and through approximately 80 top-level Common Criteria certification assessments, the researcher noted.

The researcher contacted Yubico before publishing the results of his experiment.

Affected Yubikey Devices

In a public advisory, Yubico has acknowledged the vulnerability and stated that the affected devices are:

  • YubiKey 5 Series before version 5.7
  • YubiKey 5 FIPS Series before version 5.7
  • YubiKey 5 CSPN Series before version 5.7
  • YubiKey Bio Series before version 5.7.2
  • Security Key Series before version 5.7
  • YubiHSM 2 before version 2.4.0
  • YubiHSM 2 FIPS before version 2.4.0

Newer versions are not affected.
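
One way to triage a token inventory against the version thresholds listed above. This is an added example, not code from Yubico or the researcher; the CSV layout, asset tags and family labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
# First unaffected firmware per family, from the affected-device list above.
FIXED_IN = {
    "YubiKey 5": (5, 7, 0),
    "YubiKey 5 FIPS": (5, 7, 0),
    "YubiKey 5 CSPN": (5, 7, 0),
    "YubiKey Bio": (5, 7, 2),
    "Security Key": (5, 7, 0),
    "YubiHSM 2": (2, 4, 0),
    "YubiHSM 2 FIPS": (2, 4, 0),
}

def parse_version(text):
    """Turn '5.4.3' or '5.7' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or min(parts) < 0:
        raise ValueError(f"bad firmware version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(family, firmware):
    """Return 'affected', 'not affected' or 'unknown' for one device."""
    fixed = FIXED_IN.get(family.strip())
    if fixed is None:
        return "unknown"  # family not in the list: needs manual review
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown"  # unreadable version: needs manual review
    return "affected" if version < fixed else "not affected"

# Constructed sample inventory (hypothetical asset tags, not real devices).
SAMPLE_INVENTORY = """asset,family,firmware
KEY-001,YubiKey 5,5.4.3
KEY-002,YubiKey 5,5.7.0
KEY-003,YubiKey Bio,5.7.1
KEY-004,Security Key,5.2
HSM-001,YubiHSM 2,2.4.0
KEY-005,YubiKey 5 FIPS,n/a
"""

def triage(inventory_csv):
    """Map each asset tag in a CSV inventory to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["family"], r["firmware"]) for r in reader}

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Rows classified as "unknown" are left for manual review rather than assumed safe.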

Complex Yubikey Exploit Scenario

The severity of the vulnerability is “medium,” the key maker said.

This is partly because it is relatively difficult to exploit. Roche used €11,000 worth of materials to carry out the EUCLEAK attack and had physical access to the device – both of which could be prohibitive criteria.

Roche provided a typical attack scenario for successful exploitation of the YubiKey vulnerability:

  1. Attacker steals the username and password of a victim’s application account protected with FIDO (for example, through a phishing attack)
  2. Attacker gains physical access to the victim’s device for a limited time without the victim being aware of it
  3. With the stolen victim username and password (for a specific application account), the attacker sends the authentication request to the device as many times as necessary while performing side-channel measurements
  4. The adversary silently returns the FIDO device to the victim
  5. The attacker performs a side-channel attack on the measurements and manages to extract the Elliptic Curve Digital Signature Algorithm (ECDSA) private key associated with the victim’s application account
  6. The attacker can log into the victim’s application account without the FIDO device or the victim being aware of it. In other words, the attacker has created a clone of the FIDO device for the victim’s application account. This clone will gain access to the application account unless the legitimate user revokes their authentication credentials.