KidM to [email protected]English • 16 days agoYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comexternal-linkmessage-square3fedilinkarrow-up176arrow-down11cross-posted to: [email protected]
arrow-up175arrow-down1external-linkYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comKidM to [email protected]English • 16 days agomessage-square3fedilinkcross-posted to: [email protected]
minus-square@[email protected]linkfedilinkEnglish31•16 days agoTLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability
minus-square@[email protected]linkfedilinkEnglish4•15 days agoTo add: All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable. So if you bought your key from June onward, you are most likely in the clear.
TLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability
To add:
So if you bought your key from June onward, you are most likely in the clear.