SECURITY:  YubiKeys are vulnerable to cloning attacks

https://tldr.tech/infosec/2024-09-04

TLDR Information Security 2024-09-04

https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (3 minute read)

The YubiKey 5 hardware token for two-factor authentication has a cryptographic flaw that makes it vulnerable to cloning attacks when physically accessed by an attacker. Yubico has confirmed that all YubiKey 5 models are susceptible to cloning due to a side channel vulnerability in the Infineon microcontroller used in various authentication devices. Updating firmware on affected YubiKeys is not possible, leaving them permanently vulnerable to potential attacks.

# – # – # – # – # 

Guess that you can toss these in the trash can or trash bin!

Still think that the authenticator app of a phone is the best two factor authentication technique.

—30—

This entry was posted on Wednesday, September 4th, 2024 at 12:57 and is filed under SECURITY. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Please leave a Reply