Some versions of YubiKeys, one of the most widely used two-factor authentication (2FA) hardware tools, are vulnerable to side-channel attacks.
Thomas Roche, security expert and co-founder of NinjaLab, has found that the YubiKey 5 Series devices contain a cryptographic flaw that makes them vulnerable to cloning when an attacker gains temporary physical access to them.
Although the vulnerability is unfixable, it is also very difficult to exploit.
Understanding How YubiKeys Are Used
YubiKeys are physical USB-based security devices developed by Yubico that add an extra layer of protection when logging in to online accounts. They are often used for 2FA, requiring a physical device in addition to a password to access your accounts.
YubiKeys are considered by many security experts to be one of the most secure hardware options for multifactor authentication (MFA), notably because they generally support the Fast Identity Online 2 (FIDO2) standard.
FIDO2 authentication, jointly developed by the FIDO Alliance and the World Wide Web Consortium (W3C), is based on public key cryptography, which is more secure than password-based authentication and is more resistant to phishing and other attacks.
A Side-Channel Vulnerability Unnoticed for 14 Years
While performing a side-channel attack he called EUCLEAK, Roche found a vulnerability within a cryptographic library used by many YubiKey products that allowed him to clone these devices.
A side-channel attack is an attempt to extract sensitive information by exploiting the physical characteristics of a device or system.
The researcher noted that the side-channel vulnerability, a cryptographic flaw within a library provided by Infineon Technologies, one of the largest secure element manufacturers, went unnoticed for 14 years and through about 80 highest-level Common Criteria certification evaluations.
The researcher contacted Yubico before publishing his findings.
Affected YubiKey Devices
In a public advisory, Yubico acknowledged the vulnerability and specified that the affected devices are:
- YubiKey 5 Series before version 5.7
- YubiKey 5 FIPS Series before version 5.7
- YubiKey 5 CSPN Series before version 5.7
- YubiKey Bio Series before version 5.7.2
- Security Keys Series before version 5.7
- YubiHSM 2 before version 2.4.0
- YubiHSM 2 FIPS before version 2.4.0
More recent versions are not affected.
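The list above can be turned into a fleet audit. The following is an added example, not code from Yubico or NinjaLab: it checks a device inventory against the fixed-version thresholds in the advisory. The CSV layout, the keyword matching on model names and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Fixed-version thresholds taken from the advisory list above.
# Keyword matching on the model string is an assumption of this example;
# order matters so "YubiKey Bio" and "YubiHSM 2 FIPS" hit the right row.
FIXED_IN = [
    ("yubihsm 2", (2, 4, 0)),      # also covers YubiHSM 2 FIPS
    ("bio", (5, 7, 2)),
    ("yubikey 5", (5, 7, 0)),      # also covers 5 FIPS and 5 CSPN
    ("security key", (5, 7, 0)),
]

def parse_version(text):
    """'5.4.3' -> (5, 4, 3); pads to three parts so '5.7' equals '5.7.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(model, firmware):
    """Return 'affected', 'not affected' or 'unknown' for one device."""
    name = model.lower()
    for keyword, fixed in FIXED_IN:
        if keyword in name:
            try:
                version = parse_version(firmware)
            except ValueError:
                return "unknown"   # unparseable firmware string
            # Tuple comparison is numeric, so 5.10.0 sorts after 5.7.0
            # (a plain string comparison would get this wrong).
            return "affected" if version < fixed else "not affected"
    return "unknown"               # model not in the advisory list

def audit(inventory_csv):
    """Map serial -> status for a CSV with serial,model,firmware columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["serial"]: classify(r["model"], r["firmware"]) for r in reader}

# Constructed sample inventory (serials, models and versions are made up).
SAMPLE = """serial,model,firmware
1001,YubiKey 5 NFC,5.4.3
1002,YubiKey 5C FIPS,5.7
1003,YubiKey Bio,5.7.1
1004,Security Key NFC,5.10.0
1005,YubiHSM 2 FIPS,2.3.2
1006,Generic OTP Token,1.0
"""

if __name__ == "__main__":
    for serial, status in audit(SAMPLE).items():
        print(serial, status)
```

Devices reported as "unknown" need a manual check against the advisory rather than being treated as safe.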
Sophisticated YubiKey Exploit Scenario
The key manufacturer said the severity of the vulnerability was “moderate.”
This is in part because it is relatively difficult to exploit. Roche used €11,000 worth of material to perform the EUCLEAK attack and had physical access to the device – two criteria that can be prohibitive.
Roche provided a typical attack scenario that would successfully exploit the YubiKey vulnerability:
- The adversary steals the login and password of a victim’s application account protected with FIDO (e.g. via a phishing attack)
- The adversary gets physical access to the victim’s device during a limited time frame, without the victim noticing
- Thanks to the stolen victim’s login and password (for a given application account), the adversary sends the authentication request to the device as many times as necessary while performing side-channel measurements
- The adversary quietly gives back the FIDO device to the victim
- The adversary performs a side-channel attack over the measurements, and succeeds in extracting the Elliptic Curve Digital Signature Algorithm (ECDSA) private key linked to the victim’s application account
- The adversary can sign in to the victim’s application account without the FIDO device or the victim noticing. In other words, the adversary created a clone of the FIDO device for the victim’s application account. This clone will give access to the application account as long as the legitimate user does not revoke its authentication credentials.