YubiKeys Are Vulnerable To Cloning Attacks Thanks To Newly Discovered Side Channel

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday. ArsTechnica: The cryptographic flaw, known as a side channel, resides in a small microcontroller that's used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven't tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contain the same vulnerability.

YubiKey-maker Yubico issued an advisory in coordination with a detailed disclosure report from NinjaLab, the security firm that reverse-engineered the YubiKey 5 series and devised the cloning attack. All YubiKeys running firmware prior to version 5.7 -- which was released in May and replaces the Infineon cryptolibrary with a custom one -- are vulnerable. Updating key firmware on the YubiKey isn't possible. That leaves all affected YubiKeys permanently vulnerable.

Not so easy

[J-1000]

The list, however, omits a key step, which is tearing down the YubiKey and exposing the logic board housed inside. This likely would be done by using a hot air gun and a scalpel to remove the plastic key casing and expose the part of the logic board that acts as a secure element storing the cryptographic secrets. From there, the attacker would connect the chip to hardware and software that take measurements as the key is being used to authenticate on an existing account.

So it does not appear to be exploiting NFC which is good. No vulnerability would be better, but the quoted steps are at least more difficult than copying a physical key, for example.

Re:

[Valgrus Thunderaxe]

Acetone will dissolve the case.

Re: Not so easy

[raburton]

Cloning a key isn't that useful if the owner knows about it, and it sounds like they will likely be able to tell, as they'll quickly disable the key's access. An attacker would need to act fast and if they already have the original in their possession, they might as well just use that.

Pity can't upgrade the firmware though. Not sure why not, Infineon TPM modules can be upgraded. And how secure is their new custom library? Rolling your own crypto library is never a good idea.

Re: Not so easy

[sjames]

Because if you can push in new firmware, the bad guys can push in firmware that discloses the secret key.

Re:

[bloodhawk]

yubi keys are generally pretty generic in look. If you can successfully clone even while destroying the original you can then just replace the original with an undamaged key and the owner is none the wiser.

Re: Not so easy

[EvilSS]

Can you make the clone without also tearing them down though? If not then it is a moot point.

Re:

[anonymouscoward52236]

So make sure to sign your key with a sharpie or something? (I mean, I guess that signature could be copied also, but it just made it one step harder.)

Re:

[MachineShedFred]

So clone it twice - destroy the original to get the goods, and clone it onto two keys. One for you, and one to replace the destroyed original.

Unless someone has "customized" it physically, or actively tracks the serial number, they won't know.

Re:

[anonymouscoward52236]

Sign it with a sharpie, and make sure to note down the serial number. Got it.

Re:

[AvitarX]

It seems impractical.

My key would need to be stolen, taken apart, and rebuilt in such a way that I don't notice the theft or the rebuild.

Additionally, it would require my account to not lock with repeated requests to authenticate.

Honestly, I would have been more surprised if it wasn't possible to figure things out with laboratory equipment, disassembly, and time.

The fact that it requires multiple logins to do is better than I would have expected.

Re:

[tlhIngan]

My key would need to be stolen, taken apart, and rebuilt in such a way that I don't notice the theft or the rebuild.

It may be impractical if your key is always with you, but I know lots of people with work laptops and their key is plugged in permanently into the USB port.

All that needs to happen is they go on vacation and that key gets swiped and cloned onto a new key (so it appears new) whilst they hang onto the original. Then they wait for the person to come back from vacation and start using the key

There

Re:

[bill_mcgonigle]

Oh, boy - that's the textbook example for an Evil Maid attack.

Re:

[ewibble]

Sure if the person leaves there key unattended in a "public" place, but that is the same for a physical key as well. The could also install a key logger, a usb device that will installs a virus on your machine, pretty much anything. I would have assumed giving someone enough physical access to any device would mean they could make a copy.

If you are leaving a usb device unattended, like a keyboard, at your office pretty much expect that it could be hacked if someone has access to that device.

It requires phys

Re:

[AvitarX]

If the key is used for multiple accounts the attacker needs to know the username and password for each and every account to properly clone the key.

For example one would need to clone my Robinhood, work MS account, personal MS account, vanguard account, and 2 google accounts for me to not realize something was up.

At the very least of think my key was failing and immediately get a new one setup killing the old one (as a failing key would be a huge PITA).

Re: Not so easy

[topham]

Crowbar would be easier.

And no, not on the yubi key.

Re:

[F.Ultra]

not easy to perform the crowbar without it being noticed however. Which is why that xkcd is for most part completely invalid.

Re:

[sarren1901]

Eh depends. If I kidnap you while in disguise, beat the shit out of you and demand access, then transfer/copy what I need from you and maybe leave you some where remote or just tied up in the closet, by the time you can stop anything from happening, I'm long gone with the crown jewels and you won't even have a suspect.

Extreme? Sure, but if we're going to worry about this, you may as well consider yourself THAT important that state actors would want to get at you.

This overall doesn't seem like THAT huge of a

Re:

[F.Ultra]

that would make you not knowing exactly WHO stole your secrets but me point is that you would know THAT someone did. Aka the crowbar approach isn't stealthy and in many cases (say you are being monitored by the government) not being stealthy is a failure.

Re:Not so easy

[wickerprints]

Agreed, it would be difficult and certainly beyond the capability of most attackers. But a nightmare scenario I could easily envision is an intelligence agency discovered this side channel attack (as the researchers did), but they found it years ago and kept knowledge of it secret. Then they trained their agents to perform it quickly, perhaps constructing a specialized machine to efficiently remove the outer casing without damaging the interior components. The analysis portion of the attack involves the hardware described in the paper and could also be custom made as another device.

With enough resources and practice, I think the attack could be streamlined down to a very short amount of time, far less than the 10 hours or so the researchers say. If so, this would imply that a state actor could break the encryption far more easily than we previously believed.

One countermeasure I could think of that might prolong the attack time or thwart it would be to use a unique (e.g. serialized) anti-tamper sticker on the device--any attempt to destructively remove the casing would be evident. With the right solvents, it might be possible to remove the sticker non-destructively, but it would increase the attack time. This could be a useful obstacle in all cases where interior access to the key is required, including attacks that are not publicly known.

The takeaway--and this has always been the case with respect to cryptographic security--is that one can never be fully secure. There are vulnerabilities that we know, and then there are vulnerabilities that simply haven't been discovered yet. Among the latter, there exists the potential for exploits that only some people know, and the asymmetric nature of research in cryptanalysis (i.e., agencies like the NSA and their foreign counterparts devote resources to breaking security schemes but do not publish their research) means the public is always at a disadvantage when it comes to trusting these mechanisms.

Re:

[ewibble]

If an intelligence wanted to hack my stuff they could, I accept that. If they really wanted to they could probably build key that looked identical, that relayed the information via some network to the real key that they took. Why an intelligence agency would bother I don't know if they really wanted information why not bribe someone or add a plant.

Re:

[wickerprints]

Well, the case I described isn't really relevant for most consumers or people with just everyday security needs, and I don't mean to sound alarmist or like I'm fearmongering.

Rather, the situation I'm describing is really more about penetrating very high-security installations, where the data is highly sensitive and valuable. Think of it this way: FIDO-compliant security keys are ubiquitous in such cases and they've been used for years. This side channel attack, if successfully pulled off, would only leav

Re:

[bloodhawk]

The thing is if you can clone it you don't need to care about damaging the outer casing. You clone and provide the undamaged clone back as the replacement meanwhile keeping the original.

Re:

[wickerprints]

Ooh, that's a really good point. Sure, there's a risk for the attacker in that if the cloning is unsuccessful and they destroyed the casing, it could arouse suspicion (victim goes "oops, I seem to have misplaced my key?").

But on further thought, what does it mean to "clone" in this instance? We're assuming that it means to create a physically identical copy of the key with the same cryptographic secret. But can an existing genuine key be modified in this way, and could it be done more easily than simply

Re:

[Ostracus]

Right, but that doesn't make as good for alarmist propaganda.

brief physical access to it

[OrangeTide]

That's right. Just come right into my house and run the hot air gun to removed the case when I'm out of the room making a cup of coffee. I totally won't hear you.

Let's forget perfect security for just a second.

[mmell]

It doesn't need to be impossible to clone, merely impractical. There's a tiny yet ever so crucial difference.

Re:

[volcan0]

Higher level of security mandate pin on the usage and from what I have read, this is not broken yet.

not relevant

[Elektroschock]

not a vulnerability but a new requirement scenario.

Like, oh, your plastic helmet isn't fireproof.

Obligatory XKCD...

[Another Random Kiwi]

Security Wrench [xkcd.com]

YubiKeys have always been a dumb idea

[WaffleMonster]

Hard to imagine who thinks it is a good idea to have security keys using USB with its stupidly massive attack surface. Oh someone swiped my key when I was not looking and now instead of logging on to a secure system it emulated a keyboard and installed a reverse shell in a blink of an eye that compromised my system. OOPS...

Smartcards are cheaper than dirt, standardized and have been around for decades. Readers are everywhere and cost basically nothing... why are people poorly reinventing the wheel?

Re:

[Coopjust]

A lot of laptops lack a smartcard reader, unless they're ordered specifically for that purpose and the option is checked on a business laptop

Pretty much every computer made in the last thirty years has USB-A and/or USB-C ports.