YubiKeys Are a Security Gold Standard—but They Can Be Cloned


The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-sized device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday.

The cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and access control for secure areas. While the researchers have confirmed that all YubiKey 5 series models can be cloned, they haven't tested other devices using the microcontroller, such as the SLE78 made by Infineon and its successor microcontrollers, the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers together with the Infineon cryptographic library contains the same vulnerability.

Patching Not Possible

YubiKey maker Yubico issued an advisory in coordination with a detailed disclosure report from NinjaLab, the security firm that reverse engineered the YubiKey 5 series and devised the cloning attack. All YubiKeys running firmware prior to version 5.7 (released in May 2024, replacing the Infineon cryptolibrary with a custom one) are vulnerable. YubiKey firmware cannot be updated in the field, so every affected key remains permanently vulnerable; a key's firmware version can be read from the "Firmware version" line that the YubiKey Manager (ykman info) reports, and anything below 5.7 is affected.

“An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys,” the advisory confirmed. “The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM; knowledge of the accounts they want to target; and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge, including username, PIN, account password, or authentication key.”

Side channels are the result of clues left in physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task, any of which can leak cryptographic secrets. In this case, the side channel is the amount of time taken during a mathematical calculation known as a modular inversion. The Infineon cryptolibrary failed to implement a common side-channel defense known as constant time when performing the modular inversion used in the Elliptic Curve Digital Signature Algorithm (ECDSA). A constant-time implementation ensures that a sensitive operation takes the same amount of time, and follows the same sequence of instructions and memory accesses, regardless of the secret values it operates on.

More precisely, the side channel is located in the Infineon implementation of the Extended Euclidean Algorithm, a method for, among other things, computing modular inverses. By using an oscilloscope to measure the electromagnetic radiation while the token is authenticating itself, the researchers can detect tiny execution time differences that reveal a token's ephemeral ECDSA key, also known as a nonce. Further analysis then extracts the secret ECDSA key that underpins the entire security of the token: an ECDSA signature's s value is k^-1 (h + r·d) mod n, so once the nonce k of a single signature is known, the long-term private key d can be solved for directly, and that key is what a clone needs.
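The following is an added example, not code from NinjaLab, Yubico, or Infineon, that models the chain the two preceding paragraphs describe: ECDSA signing needs k^-1 mod n, a variable-time Extended Euclidean inversion leaks information about the nonce k, and a nonce recovered from a single signature gives up the long-term private key d. Two things are assumed for illustration: the leak is simulated by logging the EEA quotients (on the real chip the attacker infers the nonce from electromagnetic timing traces, not from directly readable quotients), and the curve is NIST P-256, which FIDO uses. The message and keys are constructed.

```python
"""Added example: leaky EEA nonce inversion -> nonce -> ECDSA private key."""
import hashlib
import secrets

# NIST P-256 domain parameters (FIPS 186-4, D.1.2.3)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, pt):
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def eea_inverse_leaky(a, m):
    """Variable-time extended Euclid.  Returns (a^-1 mod m, quotient trace).
    The iteration count and every quotient depend on a; a constant-time
    inversion (e.g. Fermat, pow(a, m - 2, m)) has no such data-dependent path."""
    trace = []
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        trace.append(q)          # simulated leak: the real attack sees EM timing
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    assert r0 == 1, "a not invertible mod m"
    return s0 % m, trace


def nonce_from_trace(trace, m):
    """Attacker side: the quotients are the continued fraction of m/k, and
    because gcd(k, m) = 1, evaluating [q0; q1, ..., qt] gives m/k exactly."""
    num, den = trace[-1], 1
    for q in reversed(trace[:-1]):
        num, den = q * num + den, num
    assert num == m
    return den


def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign_leaky(d, msg, k=None):
    """Standard ECDSA; the only non-standard part is returning the EEA trace."""
    k = k or secrets.randbelow(N - 1) + 1
    r = scalar_mult(k, G)[0] % N
    k_inv, trace = eea_inverse_leaky(k, N)      # the leaky step
    s = k_inv * (msg_hash(msg) + r * d) % N
    assert r and s
    return (r, s), trace


def ecdsa_verify(pub, msg, sig):
    r, s = sig
    w = pow(s, -1, N)
    x = point_add(scalar_mult(msg_hash(msg) * w % N, G), scalar_mult(r * w % N, pub))
    return x is not None and x[0] % N == r


def recover_private_key(sig, h, k):
    """s = k^-1 (h + r d)  =>  d = (s k - h) r^-1  (mod n)."""
    r, s = sig
    return (s * k - h) * pow(r, -1, N) % N


if __name__ == "__main__":
    d = secrets.randbelow(N - 1) + 1                       # token's long-term key
    pub = scalar_mult(d, G)
    sig, trace = ecdsa_sign_leaky(d, b"FIDO challenge")    # constructed message
    k = nonce_from_trace(trace, N)                         # what the side channel yields
    d_cloned = recover_private_key(sig, msg_hash(b"FIDO challenge"), k)
    print("EEA steps:", len(trace), "| key recovered:", d_cloned == d)
    forged, _ = ecdsa_sign_leaky(d_cloned, b"any later challenge")
    print("clone's signature verifies:", ecdsa_verify(pub, b"any later challenge", forged))
```

Compare the trace length for k = 1 (a single Euclidean step) with that of a random 256-bit nonce (roughly 150 steps): that spread in work, and the data-dependent branching behind it, is the observable a constant-time inversion removes. The recovery step needs only one signature, its message hash, and the nonce, which is why a few minutes of physical access suffices once the side channel is understood.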

In Tuesday’s report, NinjaLab cofounder Thomas Roche wrote:

In the present work, NinjaLab unveils a new side-channel vulnerability in the ECDSA implementation of Infineon on any security microcontroller family of the manufacturer. This vulnerability lies in the ECDSA ephemeral key (or nonce) modular inversion, and, more precisely, in the Infineon implementation of the Extended Euclidean Algorithm (EEA for short). To our knowledge, this is the first time an implementation of the EEA is shown to be vulnerable to side-channel analysis (contrarily to the EEA binary version). The exploitation of this vulnerability is demonstrated through realistic experiments and we show that an adversary only needs to have access to the device for a few minutes. The offline phase took us about 24 hours; with more engineering work in the attack development, it would take less than one hour.

After a long phase of understanding the Infineon implementation through side-channel analysis on a Feitian open JavaCard smartcard, the attack is tested on a YubiKey 5Ci, a FIDO hardware token from Yubico. All YubiKey 5 Series (before the firmware update 5.7 of May 6th, 2024) are affected by the attack. In fact all products relying on the ECDSA of the Infineon cryptographic library running on an Infineon security microcontroller are affected by the attack. We estimate that the vulnerability exists for more than 14 years in Infineon top secure chips. These chips and the vulnerable part of the cryptographic library went through about 80 CC certification evaluations of level AVA VAN 4 (for TPMs) or AVA VAN 5 (for the others) from 2010 to 2024 (and a bit less than 30 certificate maintenances).
