๐Ÿฌ๐ข๐ญ๐š๐ฅ๐ข๐žโ˜คโ˜ฟ๐Ÿฌ๐ฎศ›๐š๐ง
Nitrokey 3A Mini from @nitrokey Receives Official FIDO2 Certification
_
https://www.nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification
_
#privacy #security #nitrokey #fido2 #realmmablock
Nitrokey 3A Mini Receives Official FIDO2 Certification

Aug 27, 2024 at 3:51pmWeb
Show thread๐Ÿฌ๐ข๐ญ๐š๐ฅ๐ข๐žโ˜คโ˜ฟ๐Ÿฌ๐ฎศ›๐š๐งSep 4, 2024

Yubikey prior to 5.7 firmware can be cloned with physical access within a โ€œfew minutesโ€

learned this from @jonah

we're discussing it here:

https://discuss.privacyguides.net/t/eucleak-yubikey-5-can-be-cloned-in-a-matter-of-minutes/20585

Since @nitrokey recently received certification, how much has the scales shifted in their direction?

"These security microcontrollers are present in a vast variety of secure systems โ€“ often relying on ECDSA โ€“ like electronic passports and crypto-currency hardware wallets but also smart cars or homes. However, we did not check (yet) that the EUCLEAK attack applies to any of these products."

who knows what other products may be affected by the presence of these microcontrollers?

Original news source: https://ninjalab.io/eucleak/

EUCLEAK - YubiKey 5 can be cloned in a matter of minutes

Yubikey prior to 5.7 firmware can be cloned with physical access within a โ€œfew minutesโ€ - neat! The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows to create a clone of the FIDO device. As they note, for most casual Yubikey users there is no need for concern/replacement: Authentication tokens (like FIDO hardware ...

Privacy Guides
Show thread๐Ÿฌ๐ข๐ญ๐š๐ฅ๐ข๐žโ˜คโ˜ฟ๐Ÿฌ๐ฎศ›๐š๐งSep 9, 2024
https://www.nitrokey.com/news/2024/nitrokeys-offer-investment-security-without-infineons-security-vulnerability
Nitrokeys Offer Investment Security Without Infineon