Yikes, YubiKey Vulnerable — ‘EUCLEAK’ FIDO FAIL?
Infineon hardware and software blamed for timing side-channel attack on popular MFA tokens.
The most widely used FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.
But is the sky really falling? In today’s SB Blogwatch, we dig into the nuance.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: RSX-11M on a PDP-11.
USB MFA SCA😱
What’s the craic? Dan Goodin breaks the story: YubiKeys are vulnerable to cloning attacks
“Permanently vulnerable”
The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning. [The flaw is] in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas.
…
The researchers … haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. [But they] suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.
…
Updating key firmware on the YubiKey isn’t possible. That leaves all affected YubiKeys permanently vulnerable.
Horse’s mouth? Thomas Roche dubbed it, EUCLEAK:
“Waiting for a CVE ID”
Our work unearths a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the biggest secure element manufacturers. This vulnerability — which went unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations — is due to a non constant-time modular inversion.
…
All Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library … are vulnerable to the attack. These security microcontrollers are present in a vast variety of secure systems, … like electronic passports and crypto-currency hardware wallets but also smart cars or homes.
…
The new YubiKey firmware 5.7 … (May 6th, 2024) switches the YubiKeys from the Infineon cryptographic library to Yubico's new cryptographic library. To our knowledge, this new cryptographic library is not impacted. … We are still waiting for a CVE ID.
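What "non constant-time modular inversion" means in practice, as an added example that is not code from Infineon, Yubico or the researchers: the loop count of an extended Euclidean inversion depends on the value being inverted, while exponentiation by a fixed public exponent runs the same schedule for every input. The modulus and inputs are constructed, and the functions model operation counts only.

```python
# Added illustration: operation counts only. Python integers are not
# constant-time, so this models the control flow, not real timing.
N = 2**127 - 1  # constructed toy prime modulus, not a value from the advisory

def inv_euclid(k, n=N):
    """Extended Euclidean inversion; loop count depends on the value of k."""
    r0, r1 = n, k % n
    t0, t1 = 0, 1
    steps = 0
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
        steps += 1
    if r0 != 1:
        raise ValueError("k is not invertible modulo n")
    return t0 % n, steps

def inv_fermat(k, n=N):
    """k^(n-2) mod n for prime n: one square and one multiply per exponent bit."""
    e = n - 2
    acc, steps = 1, 0
    for bit in range(e.bit_length() - 1, -1, -1):
        acc = acc * acc % n
        prod = acc * k % n
        # Hardened code selects without branching; the fixed schedule is the point.
        acc = prod if (e >> bit) & 1 else acc
        steps += 1
    return acc, steps

def compare(values, n=N):
    """Return (k, euclid_steps, fermat_steps) per input; both inverses must agree."""
    rows = []
    for k in values:
        inv_e, steps_e = inv_euclid(k, n)
        inv_f, steps_f = inv_fermat(k, n)
        assert inv_e == inv_f and k * inv_e % n == 1
        rows.append((k, steps_e, steps_f))
    return rows

SAMPLE = [1, 2, 3, 2**64 + 13, 2**126 - 5]  # constructed inputs

if __name__ == "__main__":
    for k, steps_e, steps_f in compare(SAMPLE):
        print(f"k={k:#x} euclid_steps={steps_e} fermat_steps={steps_f}")
```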
Actually, it’s CVE-2024-45678. But what should a YubiKey user do? Guru Baran puts it into perspective: YubiKeys cryptographic Flaw
“Unusual authentication activities”
For users currently using vulnerable YubiKeys, it is recommended to:
Continue Using YubiKeys: Despite the vulnerability, using YubiKeys is still safer than relying solely on passwords for authentication.
Monitor for Clones: Implement monitoring mechanisms to detect cloned devices, such as checking for unusual authentication activities.
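One concrete form of the clone monitoring recommended above, as an added example that is not from the quoted article or from Yubico: WebAuthn authenticator data carries a 32-bit signature counter, and a relying party that stores the last value per credential can flag a login whose counter did not increase. The credential IDs, RP ID and events are constructed, and the dict stands in for the server's credential table.

```python
import hashlib
import struct

def parse_sign_count(auth_data: bytes) -> int:
    """Layout: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian) | ..."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData shorter than 37 bytes")
    return struct.unpack(">I", auth_data[33:37])[0]

def check_counter(stored: int, received: int) -> str:
    """WebAuthn rule: once either value is nonzero, the counter must strictly increase."""
    if stored == 0 and received == 0:
        return "unsupported"      # authenticator does not implement a counter
    if received > stored:
        return "ok"
    return "possible-clone"       # same or lower value than already seen

def make_auth_data(rp_id: str, count: int) -> bytes:
    """Build constructed sample authenticatorData (flags 0x01 = user present)."""
    return hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", count)

def replay(events):
    """Run events in order; return (credential_id, stored, received) per alert."""
    stored, alerts = {}, []       # stand-in for the server's credential table
    for cred_id, auth_data in events:
        received = parse_sign_count(auth_data)
        last = stored.get(cred_id, 0)
        if check_counter(last, received) == "possible-clone":
            alerts.append((cred_id, last, received))  # keep the higher stored value
        else:
            stored[cred_id] = received
    return alerts

# Constructed events: cred-A regresses from 43 to 42; cred-B never counts.
SAMPLE = [(c, make_auth_data("example.com", n)) for c, n in [
    ("cred-A", 41), ("cred-A", 42), ("cred-B", 0), ("cred-A", 43),
    ("cred-A", 42), ("cred-B", 0), ("cred-A", 44),
]]

if __name__ == "__main__":
    for cred_id, last, received in replay(SAMPLE):
        print(f"ALERT {cred_id}: counter {received} after {last}")
```

A counter regression is a risk signal for review rather than proof of cloning, and it only fires when the device holding the lower counter is used.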
Even so, this sounds bad—really bad. OptionOfT thinks there’s a world of pain ahead:
I think the most annoying part of this is that you cannot just replace a YubiKey. … You need to manually go through each account and replace the YubiKey with a non-vulnerable key before decommissioning this one. … I don’t remember where I’ve used my YubiKey in the past.
But why not? raburton isn’t sure:
Pity you can’t upgrade the firmware. … Not sure why not—Infineon TPM modules can be upgraded. And how secure is their new custom library? Rolling your own crypto library is never a good idea.
Wait. Pause. Is this actually a big deal? u/Microflunkie thinks it’s a nothingburger:
But it [is] an extremely difficult attack vector to implement:
The attacker needs the correct username and password from the YubiKey holder for whatever account they want to compromise,
They need physical access to the YubiKey, where it must be opened to expose the circuitry, and
[It] requires both equipment costing around $11,000 and the considerable expertise and skill to use it … (likely nation state or comparable entities in terms of resources and skills).
…
I would guess that Yubico will likely do nothing but they may offer discounts towards new keys for customers who might actually be targeted by such an attack. Perhaps military or other high profile/high value entities like financial institutions or similar. For the overwhelming majority of YubiKey owners this vulnerability is likely a non-issue in my opinion.
Come again? rhavenn makes that advice actionable:
I’m glad someone figured this out, … but for 99.99999% of the people who even use YubiKeys this is a non-issue. TLDR: If a random hot guy/girl asks to see your YubiKey at the bar, say no.
Well, yeah, that scenario happens to me all the time. And edent has another smart suggestion:
An attacker [needs] to disassemble the device. If they want to give it back to you, they’ll need to reassemble it. So not exactly trivial! A blob of nail-varnish over a plastic seam might be a useful canary.
Meanwhile, topham cuts to the chase:
A crowbar would be easier. And no—not on the YubiKey.
And Finally:
Set the Wayback machine to the 1970s
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.