YubiKeys vulnerable to side-channel attacks, microcontroller to blame
Physical YubiKeys are susceptible to side-channel attacks, making it possible for attackers to steal private keys and clone the keys. Because the firmware can’t be updated, manufacturer Yubico has released a new version of the YubiKey to fix the issue.
A vulnerability in the Infineon SLE78 microcontroller is the root cause. Security researchers from NinjaLab were able to dig up details about the cryptographic library the chip uses, which allowed them to work out how it implements the Elliptic Curve Digital Signature Algorithm (ECDSA).
The algorithm is used to create a private key for a certain credential so a user can log in to an online account. A side-channel attack, however, makes it possible to retrieve those private keys.
In a side-channel attack, an attacker infers confidential information from a device simply by observing how a protocol or algorithm behaves while it runs. In this case, the researchers were interested in the amount of time required to perform a particular mathematical calculation, known as ‘modular inversion’.
The cryptographic library of the Infineon SLE78 microcontroller doesn’t implement this calculation in constant time, a well-known side-channel defense that prevents the algorithm’s calculation time from depending on the input it processes, which leaves it vulnerable to hackers.
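The timing side channel described above, as an added example that is not from the article, NinjaLab or Yubico: a modular inverse written with the extended Euclidean algorithm takes a number of steps that depends on its input, while a Fermat-based Montgomery ladder takes the same number of steps for every input. The modulus, sample values and function names are constructed for illustration; in ECDSA the value being inverted is the per-signature nonce, which is why its timing must not leak.

```python
P = 2**127 - 1  # constructed test modulus (a Mersenne prime), not a real curve order

def inverse_euclid(a: int, p: int) -> tuple[int, int]:
    """Extended Euclidean inverse. Returns (a^-1 mod p, number of division steps).
    The step count depends on the value of a, so run on the ECDSA nonce this
    loop turns execution time into a side channel on that nonce."""
    old_r, r = a % p, p
    old_s, s = 1, 0
    steps = 0
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        steps += 1
    if old_r != 1:
        raise ValueError("no inverse")
    return old_s % p, steps

def _cswap(bit: int, x: int, y: int) -> tuple[int, int]:
    """Branch-free conditional swap: swaps x and y when bit == 1."""
    mask = -bit                  # 0 or all ones (Python ints act as two's complement)
    t = (x ^ y) & mask
    return x ^ t, y ^ t

def inverse_fermat_ct(a: int, p: int) -> tuple[int, int]:
    """Inverse via Fermat's little theorem, a^(p-2) mod p, with a Montgomery
    ladder: a fixed number of iterations, each doing the same multiply, square
    and branch-free swap, so the step count never depends on a. (Python big-int
    arithmetic is not itself constant time; the point is the control flow a
    firmware implementation needs.)"""
    e = p - 2
    r0, r1 = 1, a % p
    steps = 0
    for i in range(p.bit_length() - 1, -1, -1):   # loop bound fixed by p, not a
        bit = (e >> i) & 1
        r0, r1 = _cswap(bit, r0, r1)
        r1 = r0 * r1 % p
        r0 = r0 * r0 % p
        r0, r1 = _cswap(bit, r0, r1)
        steps += 1
    return r0, steps

def distinct_step_counts(inverse, p: int, inputs: list[int]) -> list[int]:
    """Distinct 'running times' over the inputs: a leaky implementation gives
    several, a constant-time one exactly one."""
    return sorted({inverse(a, p)[1] for a in inputs})

SAMPLES = [1, 2, 3, 2**64 + 12345, P - 1]   # constructed sample nonces
```

Running `distinct_step_counts` with each inverter over `SAMPLES` shows several different step counts for the Euclidean version and a single count for the ladder.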
The vulnerability isn’t limited to physical YubiKeys: it affects all smart cards and devices that contain this particular Infineon microcontroller. The chip is used in the YubiKey 5 Series, the most popular and best-selling physical security key from Yubico, in the Security Key series with firmware prior to 5.7.0, and in the YubiHSM2 with firmware prior to 2.4.0.
The manufacturer has published a security advisory warning customers about the vulnerability, which has a CVSS score of 4.9. That relatively low score is because a side-channel attack like this is nearly impossible to pull off.
First of all, an attacker needs physical access to a YubiKey or other secure element in order to extract the private key. Next, they need to know how to get at the Infineon security microcontroller chip, and they also need an electromagnet, an oscilloscope and a computer that can read the electromagnetic signal from the chip, which is very expensive equipment.
Lastly, besides the private key, the attacker also needs the victim’s login credentials, such as a username and password.
Because the firmware of the microcontroller can’t be updated, the best option is to get yourself a new YubiKey. YubiKeys with firmware 5.7 or higher, launched in May 2024, fix the issue.