Hackers Copy YubiKeys Through New Side-Channel Exploit

In a successful attack scenario, a malicious actor steals a user’s login ID and password (via phishing or other means), then gains physical access to their token without their knowledge. They then send authentication requests to the token while recording side-channel measurements from it. Once the device is returned, they can launch a side-channel attack to extract the Elliptic Curve Digital Signature Algorithm (ECDSA) private key attached to the account. This then gives them undetected access.

“Let’s say an attacker can steal your YubiKey, open it up to access the logic board, perform the EUCLEAK attack, and then repackage it in a way that you don’t realize you lost the original YubiKey in the first place,” Roche said. “The attacker can then create a clone of your authentication factor — a copy of your own YubiKey. You feel secure when you’re actually not.”

The cryptographic flaw that allows this is located in a small microcontroller in the device and affects all YubiKeys and Security Keys running firmware prior to version 5.7 (released in May). It also affects YubiHSM 2 versions prior to 2.4.0 (released this week).
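
For teams that track tokens in an asset inventory, the version cutoffs above can be turned into a triage check. The following is an added example, not code from the article or from Yubico; the CSV layout, serial numbers and firmware values are constructed for illustration, and only the 5.7 and 2.4.0 thresholds come from the text.

```python
import csv
import io

# Fixed-version thresholds as stated in the article above.
FIXED_IN = {
    "yubikey": (5, 7),        # YubiKeys: firmware prior to 5.7 is affected
    "security key": (5, 7),   # Security Keys: same threshold
    "yubihsm 2": (2, 4, 0),   # YubiHSM 2: versions prior to 2.4.0 are affected
}

def parse_version(text):
    """Turn '5.4.3' into (5, 4, 3); return None if it is not dotted integers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, firmware):
    """Return 'affected', 'fixed' or 'unknown' for one device."""
    name = product.strip().lower()
    family = next((k for k in FIXED_IN if name.startswith(k)), None)
    version = parse_version(firmware)
    # Unrecognised product or unreadable version: flag for manual review
    # instead of silently treating the device as safe.
    if family is None or version is None:
        return "unknown"
    fixed = FIXED_IN[family]
    # Pad to equal length so 5.7 compares equal to 5.7.0.
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "affected" if pad(version) < pad(fixed) else "fixed"

def triage(inventory_csv):
    """Map serial -> status for a CSV with serial,product,firmware columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["serial"]: classify(r["product"], r["firmware"]) for r in rows}

# Constructed sample inventory (hypothetical serials, versions and columns).
SAMPLE = """serial,product,firmware
10000001,YubiKey 5 NFC,5.4.3
10000002,YubiKey 5C,5.7.0
10000003,Security Key NFC,5.2.7
10000004,YubiHSM 2,2.3.2
10000005,YubiHSM 2,2.4.0
10000006,YubiKey 5 NFC,unknown
"""

if __name__ == "__main__":
    for serial, status in triage(SAMPLE).items():
        print(serial, status)
```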