Sep 04, 2024 17:00:00

YubiKey 5 vulnerable to side-channel attack, YubiKey versions older than 5.7 are permanently at risk

Security company NinjaLab has announced that the YubiKey, a popular security key for

FIDO authentication , is vulnerable. Attacking the vulnerability requires advanced knowledge and expensive equipment, but because YubiKey firmware cannot be updated, all products older than version 5.7 will remain vulnerable forever.

Security Advisory YSA-2024-03 | Yubico
https://www.yubico.com/support/security-advisories/ysa-2024-03/

EUCLEAK - NinjaLab
https://ninjalab.io/eucleak/

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

In response to NinjaLab's report, Yubico, the manufacturer of YubiKey, published a security advisory stating, 'A vulnerability has been discovered in the Infineon cryptographic library used in YubiKey 5 series security keys prior to firmware 5.7.0 and YubiHSM 2 prior to firmware 2.4.0. The severity of the issue on Yubico devices is moderate. An attacker may be able to exploit this issue as part of an advanced targeted attack to recover affected private keys.'

The YubiKey vulnerability 'EUCLEAK' reported by NinjaLab is a vulnerability to side-channel attacks . Side-channel attacks are attacks that exploit various external indicators other than algorithms, such as electromagnetic waves emitted from a device or the time it takes to complete a task. In this case, the main issue was the time it takes to calculate modular inverse numbers , which are used in cryptography.

According to the report, Infineon's cryptographic library did not have a common side-channel countermeasure called

constant-time processing, which is a method of preventing information leakage by making the time required for encryption constant.

An attacker exploiting this vulnerability can measure the electromagnetic radiation of a token during authentication with an oscilloscope and identify the ECDSA key used temporarily from slight differences in processing time. The attacker can then extract the secret ECDSA key that is related to the entire security of the token and perform a token cloning attack.

According to NinjaLab, the following scenarios are possible for a cloning attack that exploits this vulnerability:

1. An attacker steals the login and password of a victim's FIDO-protected account, usually through a phishing attack.
2. Obtain the victim’s FIDO device without the victim’s knowledge.
3. Send authentication requests to the device as many times as necessary, using the victim's login ID and password as a measurement for side-channel attacks.
4. The attacker returns the FIDO device to the victim.
5. Use the measurements to perform a side-channel attack to extract the private ECDSA key associated with the victim's account.
6) You will be able to log into your account without a FIDO device.

This attack requires equipment costing $11,000 and advanced knowledge of electrical engineering and cryptography. It would also require disassembling the security key for the side channel attack, and then returning it to the victim after the necessary measurements have been completed. For this reason, it is expected to be used in targeted attacks on a national scale.

Ars Technica, an IT news site that covered NinjaLab's report, said, 'As long as security keys do not fall into the hands of highly skilled and well-equipped attackers, FIDO authentication remains one of the strongest authentication formats,' and pointed out that even though vulnerabilities have been revealed, physical keys are still highly secure.

If you want to know the firmware version of the YubiKey you are using, you can check it using the Yubico Authenticator app provided by Yubico. In addition, Infineon, the company that developed the cryptographic library that caused the vulnerability, has not yet issued a security advisory, nor has it responded to inquiries urging them to do so.