YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

Briefly

The YubiKey 5, the most widely used hardware token for two-factor authentication, contains a cryptographic flaw that makes it vulnerable to cloning when briefly accessed by an attacker.

Ars Technicahttps://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

Researchers confirmed that all YubiKey 5 series models can be cloned, raising concerns that devices running similar microcontrollers like SLE78 also share this vulnerability.

Ars Technicahttps://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

Patching the vulnerability is impossible as updating firmware on YubiKeys is not supported, leaving numerous devices permanently at risk of attack.

Ars Technicahttps://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

An attacker exploiting this flaw would need physical possession of the YubiKey and potentially private account information, highlighting the sophistication of such targeted attacks.

Ars Technicahttps://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/