Ok, here's the deal on the "YubiKey cloning attack" stuff:

 Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.

But the attack *requires*:

👉 *physically opening the YubiKey enclosure*

👉 physical access to the YubiKey *while it is authenticating*

👉 non-trivial electronics lab equipment

I cannot stress this enough:

✨ In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one. ✨

#InfoSec #YubiKey5

Context:
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

> The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.

Ars Technica: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel. Sophisticated attack breaks security assurances of the most popular FIDO key.

This is not to say this is not a big deal: it does make information security people reevaluate certain assumptions related to YubiKeys.

But it is a big deal to a very, very limited number of people.

If this was really a big deal for you, you'd know already and would not need anyone to tell you so.

And even *if* it was a big deal for you, then it would still not be a *practical* attack – just something to ponder and discuss with your infoseccy peers.

So, keep calm and use security keys! 🔑

@rysiek Along with my agreement and thanks for the detailed posts I'd like to point out that governmental actors can get the key, do their stuff and get it back, as the time it requires seems to be short.
Also it feels uneasy that it has been certified that high for that long, but there are no miracles, even in security certifications.
@grin I am not that sure about the time it requires being "short". But it definitely is a consideration, yes.
@rysiek common ars technica L
@rysiek lmao this is like a james bond ass attack flow
@rysiek ...now waiting to learn where else the vulnerable Infineon crypto library that they reverse engineered is being used. I'd assume there are more critical use cases than the Yubikeys...
@rysiek that quoted passage looks like an ad for yubikey lol
@rysiek In other words: in a very specific scenario you can be at worst just as secure with a YubiKey as you'd be without it. And this is the worst case scenario.
@rysiek in most situations they'd probably conclude that the tied-to-a-chair-and-beaten-with-a-wrench exploit is more time and cost effective.

@rysiek What kind of device wouldn't be vulnerable to this?

If they opened my smartphone while I'm having an encrypted communication over Signal, they would be able to retrieve the private key somehow.

@devil @rysiek The idea behind encryption chips, TSMs and such things is to make opening impossible: many chips have ways to detect being tampered and then erasing themselves in the process. I guess YubiKey's chip does have that, but they found a way not to trigger the anti-tampering mechanism. 
@devil @rysiek a properly designed smartcard should in theory be infeasible to non-destructively take apart to such depth that you can clone it, and yubikey is trying to be a USB smartcard...
@rysiek Which makes sense, I mean it sounds a bit like how hardware-protected keys on game consoles get dumped.
Which is why smartcards/HSMs need to be visible at a glance and tamper-evident (tamper-resistant is even better but I barely trust this).
@rysiek nothing is 100% secure, there's either more secure or less secure.
@rysiek maybe this will convince some penny pinchers to finally let pen testers get electron microscopes.
@rysiek lol, less "am i vulnerable to an evil maid attack", and more "how well equipped would the evil maid be"?

@tonicfunk @rysiek I suspect many people are susceptible to a "well equipped" "evil maid" with "physical access" without any technology involved at all...

Oh wait, what were we discussing again?

@furicle @rysiek lmaooo you know what that's a *great* point
@rysiek The actual risk here is for orgs performing webauthn attestation since an attacker can now recover a yubikey attestation private key, and if they get access to an account can enroll a "fraudulent yubikey" to it.
And even then thats a lot of work when you .... already have access to the account.
So as technically cool as this attack is, I doubt it will be exploited in the wild.
@firstyear @rysiek There's also serious risk for people who use YubiKeys as a theoretically unclonable machine principal for remote systems that have to connect themselves autonomously back to central facilities like VPNs or control software etc. It's not everyone but it's not no-one either.
@jmc @rysiek Would someone do this though? The FIDO path requires UP (physical interaction) so it would be obvious if the key was altered. If it was via PIV where you can skip UP then your attestation is RSA backed which isn't affected - unless you self enroll ECDSA custom attestation certs. So I think there is a *super* narrow risk window for an unattended key, that's using PIV with custom attestation certs.
@firstyear @rysiek It's me, I use ECDSA with PIV haha
@jmc @rysiek Yes, but critically the attestation from yk is RSA. So if you check the cert + PIV attest, you can validate the authenticity of the device still :)
@firstyear @rysiek I feel like that means I would have to replace all use of ECDSA keys on these devices with "include and confirm an RSA based attestation of the ECDSA key slot contents" which is presumably more expensive and also a huge protocol change. Plus I'm not really sure how the attestation process defends against replays at all?
@jmc The attestation proves that the device which performed the signature is a legitimate yubikey. So while someone might "steal" the ecdsa private key via a destructive attack, they can't steal the attestation cert/key meaning that they can't prove the key resides in a true yk. Yeah it's more work to setup and validate, but it's also useful in those scenarios too :)
@firstyear I'm still confused about the attestation helping here, with my apologies. If an attacker physically has my YubiKey, can they not create an attestation certificate and save it for later, thus having evidence that the key in question came from inside a YK? Then, extract the key so you can use it from outside of the policy framework that certificate is supposed to promise, and just give people the certificate you saved earlier to prove it's a YK?
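The exchange above turns on the difference between a per-credential key (the thing the side channel could extract) and the device's attestation key, and on whether a saved attestation can be replayed. As an added example that is not part of this thread and not Yubico's code, here is a simplified model of a relying party checking a FIDO-style registration. It loosely follows the WebAuthn layout, where the attestation signature covers the authenticator data and the hash of the client data (which carries the server's challenge), so a statement captured earlier is bound to the challenge it was made for. The statement layout, the names, and the set of trusted attestation public keys (standing in for a certificate chain to the vendor root) are assumptions; the RSA-backed PIV attestation path mentioned above is not modelled. Requires the `cryptography` package.

```python
"""
Simplified model of challenge-bound attestation at FIDO-style enrollment.
Added example for this thread; not code from Yubico or from any participant.
The statement layout is a loose sketch of WebAuthn's (attestation signature
over authenticatorData || SHA-256(clientData)), and the trusted-key set stands
in for a certificate chain to the vendor root. All names are hypothetical.
"""
import hashlib
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

SIG_ALG = ec.ECDSA(hashes.SHA256())


def pub_bytes(pub: ec.EllipticCurvePublicKey) -> bytes:
    return pub.public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)


def make_statement(attest_priv, cred_priv, rp_id: str, challenge: bytes) -> dict:
    """What the authenticator returns at registration: the new credential's
    public key, bound to the RP and to the RP's challenge, signed with the
    device's attestation key (not with the credential key)."""
    auth_data = hashlib.sha256(rp_id.encode()).digest() + pub_bytes(cred_priv.public_key())
    client_data_hash = hashlib.sha256(challenge).digest()
    return {
        "auth_data": auth_data,
        "client_data_hash": client_data_hash,
        "sig": attest_priv.sign(auth_data + client_data_hash, SIG_ALG),
        "attest_pub": attest_priv.public_key(),
    }


def verify_registration(stmt: dict, rp_id: str, expected_challenge: bytes,
                        trusted_attest_pubs: set) -> bool:
    """Relying-party side: challenge freshness, RP binding, trusted attestation
    key, and finally the attestation signature itself."""
    if stmt["client_data_hash"] != hashlib.sha256(expected_challenge).digest():
        return False  # statement was made for a different (older) challenge
    if stmt["auth_data"][:32] != hashlib.sha256(rp_id.encode()).digest():
        return False  # made for another relying party
    if pub_bytes(stmt["attest_pub"]) not in trusted_attest_pubs:
        return False  # attestation key does not belong to a known device batch
    try:
        stmt["attest_pub"].verify(stmt["sig"],
                                  stmt["auth_data"] + stmt["client_data_hash"], SIG_ALG)
    except InvalidSignature:
        return False
    return True


def scenarios() -> dict:
    """Four constructed cases; returns which registrations the RP accepts."""
    rp = "example.com"
    vendor_attest = ec.generate_private_key(ec.SECP256R1())  # lives inside genuine devices
    trusted = {pub_bytes(vendor_attest.public_key())}

    # 1. Genuine device enrols a fresh credential against challenge c1.
    cred = ec.generate_private_key(ec.SECP256R1())
    c1 = os.urandom(32)
    genuine = make_statement(vendor_attest, cred, rp, c1)

    # 2. Attacker who extracted only the credential key tries to enrol it
    #    under a new challenge, attesting with a key of their own.
    attacker_attest = ec.generate_private_key(ec.SECP256R1())
    c2 = os.urandom(32)
    forged = make_statement(attacker_attest, cred, rp, c2)

    # 3. Attacker replays the genuine statement (saved from step 1) against c2.
    # 4. Attacker who also extracted the attestation key: indistinguishable
    #    from a real device, which is the risk named earlier in the thread.
    stolen_attest = make_statement(vendor_attest, cred, rp, c2)

    return {
        "genuine": verify_registration(genuine, rp, c1, trusted),
        "extracted_cred_key_only": verify_registration(forged, rp, c2, trusted),
        "replayed_statement": verify_registration(genuine, rp, c2, trusted),
        "extracted_attestation_key": verify_registration(stolen_attest, rp, c2, trusted),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The model accepts only the genuine enrolment and the one made with a stolen attestation key; a credential key on its own, or a previously captured statement presented against a new challenge, is rejected. Whether an attestation can be replayed therefore depends on whether the attestation format binds a server-chosen challenge, which is the question the reply above is asking.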
@rysiek oh lmao nice clickbait then :/ i dont have any bc they're too expensive but guess we're all good
@chfour For me, I'd be scared if I lost it somewhere in the house.. 🥲
@rysiek never ceases to amaze me, how we often return to "possession and use of a physical security device to deliver combination for access".
@rysiek Exactly! A house key could be copied but that doesn't mean we should stop locking out front doors.
Regardless of circumstance this still seems like a really bad PR moment for Yubico
@rysiek I just wish it was cheaper or that there was a good cheaper competitor, as anyone should have at least two, at least a backup in case the main one gets lost. 
(Link card: TOKEN2 Sàrl, a Swiss multifactor-authentication company and FIDO Alliance member, selling NFC-programmable hardware OTP/TOTP tokens for use with Google, Facebook, Dropbox, GitHub, WordPress, Office 365, Azure MFA etc.)

@faisal @rysiek The cheapest product costs as much as 1.2 Big Macs and shipping is 6 times the cost of this product. I hope some company bullies and sells some similar product here, to reduce shipping costs

@rysiek this is a $5 wrench problem. (Xkcd:538)

An adversary would beat you with a $5 wrench until you logged in rather than go through with this attack.

@rysiek Of course this is for high-profile stuff only, but would stealing the backup (which you should have smh) be a viable and real attack vector for some?
@rysiek So basically

this attack can only happen if your YubiKey was stolen.... i mean... the attacker wouldn't even need all that anyways
😭
@rysiek every single piece of electronics is vulnerable to this TBH

- posted by Eri

@rysiek oh hey look it's this post I boosted appearing already in the wild as predicted!

https://haunted.computer/@Dio9sys/113052816378220682

(Thank you for being the voice of calm)

Dio9sys (@Dio9sys@haunted.computer):

> security researchers: "Here is poc for a new vulnerability. In order to actually exploit this vulnerability, you have to put two computers in the upper troposphere, make sure they both have the exact same brand of hard drive, turn them both on at the same time so the rng matches and then, once you have all that handled, you could abuse the rng to make an alert happen on the other computer. Right now it takes 257 tries to work but, with more research, we might be able to get it working more often than that as long as there's no cosmic rays bouncing off the RAM." News coverage about the vuln: "NEW 0-CLICK VULNERABILITY FOUND THAT CAN LEAD TO REMOTE CODE EXECUTION. RESEARCHERS SAY STABLE EXPLOIT CODE COMING SOON"
@rysiek I mean - if I ever need to physically clone my keys, I'd actually want this "attack" to be feasible for my own sake
@rysiek "Here's the deal on the 'YubiKey cloning attack:' there exists a series of quantum entanglements that, if you're struck by lightning at just the right time on five different occasions throughout your life, this is a legitimate attack."

FTFY.

This sh!t is ridiculous.

@josh @rysiek And don't be fooled by THAT. There is actually no such thing as a quantum entanglement, and they are going to try to sell you "quantum cryptography" even though it has EVERY classic characteristic of snake oil and is actually just security through obscurity.

(See my bio and pinned toots for pointers on the first point. You can run my Python program that defies what quantum physicists claim is impossible.)

@rysiek but I don't wanna use my Yubikey! Therefore, it has been hacked and is no longer secure.

@rysiek someone mentioned in another thread that the big group that you could be vulnerable to now is cops. They can, and quite likely, do meet all three of your points if they're after you fairly or otherwise. (i.e. they've arrested you and/or seized your equipment including the key)

Doesn't take away your point though.

@beeoproblem it does change the threat model somewhat, but honestly, cops have better ways of getting into an online account than doing a side-channel attack using electromagnetic emanation analysis on a stripped YubiKey.

Like, talking to the service provider.

And as I said later in that thread, if that is really a big issue for you, you'd already know it is, and plan accordingly.

@rysiek if someone has stolen your yubikey, all tokens should be revoked anyhow. So... yeah.
@rysiek AIU that wouldn't even endanger its FIDO2 level 2 certification (which is rare enough that there are not too many devices around with it), because that goes against scalable attacks, and physical attacks generally do not scale.

@rysiek Posting the obligatory XKCD Here https://xkcd.com/538/

Before an attacker will execute that plan, they will either use physical force or bribery.

(xkcd 538: Security)
@rysiek Complaining about this is like saying your house is insecure because someone can steal your keys

@claudiacaesaris well, not quite.

YubiKey and similar devices do make certain promises about the impossibility of extracting private keys without destroying the device.

This research could show a path to attacks that break that promise.

So complaining about this is valid – but the context of that is super important.

@rysiek One use case we must always consider is domestic abuse. The abuser has the time to gain access and may know someone with the equipment.

@dan613 while this is *technically* true, a domestic abuser will have so many other more direct ways to gain access to the survivor's services, that making such a point to non-technical people who are not trained in threat modelling is – I would argue – actively harmful.

It might convince some survivors to not use YubiKeys or other security keys, thus opening themselves to orders of magnitude more likely and easier ways of gaining such access.

Please be careful with such takes.

@rysiek It still needs to be considered, even if you can discount it after consideration. I think the lesson for victims is to be extra vigilant about their physical key.