Security researchers have detected a vulnerability in YubiKey two-factor authentication tokens that enables attackers to clone the device according to a new security advisory.
YubiKey manufacturer Yubico stated that the severity of the side-channel vulnerability is 'moderate' but is difficult to exploit, partly because two-factor systems rely on something the user has and something only they should know.
Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key. But those aren't necessarily deterrents to a highly motivated individual or state-sponsored attack.
NinjaLab, the security firm that discovered the vulnerability, estimates that it has existed in Infineon's top security chips for over 14 years, and researchers believe other devices using the Infineon cryptographic library are also at risk.
Collection
[
|
...
]