Skip Navigation

Ars Technica - All Content @rss.ponder.cat free @rss.ponder.cat

3mo ago

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

arstechnica.com YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

Sophisticated attack breaks security assurances of the most popular FIDO key.

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

Linux and Tech News @lemmy.linuxuserspace.show Leo @lemmy.linuxuserspace.show 2mo ago

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

arstechnica.com

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

19 3

Pulse of Truth @infosec.pub Resident Pulser @infosec.pub

3mo ago

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

arstechnica.com

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

20 2

4 comments

There's a firmware update that fixes the vulnerability. Kinda moot as long as you do updates.

EDIT: Seems you have to buy a new key for that, but the difficulty of executing the vulnerability means it probably doesn't matter anyway.
- Also requires $11k in gear and physical access to the key.
- I thought these device's firmware were strictly read only and can't get updates.
  
  Apparently not.
  
  EDIT: It seems they actually are? So I guess if you're at risk of having a national government try to break your security key, you should buy a new one.