Kid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 2 months agoYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comexternal-linkmessage-square3fedilinkarrow-up176arrow-down10cross-posted to: [email protected]
arrow-up176arrow-down1external-linkYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comKid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 2 months agomessage-square3fedilinkcross-posted to: [email protected]
minus-squaresun_is_ra@sh.itjust.workslinkfedilinkEnglisharrow-up32·2 months agoTLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability
minus-squareTelorand@reddthat.comlinkfedilinkEnglisharrow-up4·2 months agoTo add: All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable. So if you bought your key from June onward, you are most likely in the clear.
TLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability
To add:
So if you bought your key from June onward, you are most likely in the clear.