News item

YubiKeys’ unfixable security flaw: Should you be worried?

Security researchers have detected a vulnerability in YubiKey two-factor authentication tokens that enables attackers to clone the device, its manufacturer Yubico announced this week. The company categorized the severity of the issue as moderate.

Daphne Frik
6 September 2024 | 2 minutes read

YubiKey is a two-factor authentication hardware device that is widely used across a range of organizations. When logging into accounts that enforce two-factor authentication, users press a button on the YubiKey to log in, rather than having a code texted to them or generated by an authenticator app.

The vulnerability

The vulnerability was discovered by cryptology researchers from NinjaLab in Infineon’s cryptographic library. Yubico said this library is used in the YubiKey 5 Series and Security Key Series with firmware prior to 5.7.0, and in YubiHSM 2 with firmware prior to 2.4.0. The flaw lies specifically in the library’s implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA), which is used to generate cryptographic signatures.

The attack exploits a side-channel vulnerability in the ECDSA implementation, meaning that attackers can observe physical characteristics of the device, such as timing or power consumption, to extract sensitive data like private keys.

This vulnerability – which went unnoticed for 14 years and through about 80 highest-level Common Criteria certification evaluations – is due to a non-constant-time modular inversion, NinjaLab’s researchers said.
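To make "non-constant-time modular inversion" concrete, the following added example (not code from Yubico, Infineon or NinjaLab) compares how many loop iterations two inversion strategies need for different inputs. It assumes a textbook extended Euclidean algorithm as the variable-time inversion and the public P-256 group order as modulus; all function names and sample values are constructed for illustration.

```python
# Added illustration: loop counts of two modular-inversion strategies.
# Python big integers are not constant-time, so only iteration counts
# are modelled here, not real timing or power behaviour.

# Order of the NIST P-256 group (a public curve parameter, prime).
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def inv_euclid(k, n=N):
    """Extended Euclid. Returns (k^-1 mod n, division steps taken)."""
    r0, r1, t0, t1, steps = n, k % n, 0, 1, 0
    while r1:                        # loop length depends on the value of k
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
        steps += 1
    if r0 != 1:
        raise ValueError("value is not invertible modulo n")
    return t0 % n, steps

def inv_fermat(k, n=N):
    """k^(n-2) mod n for prime n. Returns (k^-1 mod n, loop iterations)."""
    e, acc, steps = n - 2, 1, 0
    for i in reversed(range(e.bit_length())):
        acc = acc * acc % n          # one squaring per exponent bit
        prod = acc * k % n           # multiply is always computed
        # The exponent n-2 is public, so this selection reveals nothing about k.
        acc = prod if (e >> i) & 1 else acc
        steps += 1
    return acc, steps

# Constructed sample inputs standing in for per-signature secret values.
SAMPLES = [1, 2, 0x1234567890ABCDEF, N - 1,
           0x0F1E2D3C4B5A69788796A5B4C3D2E1F00112233445566778899AABBCCDDEEFF1]

def step_profile(values=SAMPLES):
    """Per input: (Euclid step count, fixed-schedule iteration count)."""
    return [(inv_euclid(v)[1], inv_fermat(v)[1]) for v in values]

if __name__ == "__main__":
    for v, (eu, fe) in zip(SAMPLES, step_profile()):
        print(f"{v:#066x}  euclid={eu:3d}  fixed={fe}")
```

The Euclid column changes with the input while the fixed-schedule column is always 256, which is the property a constant-time implementation is meant to guarantee for secret values.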

The moderate vulnerability primarily impacts FIDO use cases, Yubico said, as the FIDO standard relies on the affected functionality by default. YubiKey PIV and OpenPGP applications and YubiHSM 2 usage may also be impacted depending on configuration and algorithm choices by the end user.

The risks

While the flaw is a major vulnerability, it will be difficult to exploit in real life. An attacker will need physical access to the YubiKey, together with information about credentials such as usernames, PINs, passwords, or the YubiHSM authentication key. Then, the attacker would need to open up the token to access and read the hardware, something that requires highly specialized and expensive equipment.

This makes it a low-risk vulnerability for most users, though it is more concerning in targeted, high-value attacks such as those carried out by nation-states, as they might have better access to these resources.

What’s next?

As the firmware cannot be updated, there is no patch or fix: all YubiKey 5 devices running firmware prior to version 5.7 will be permanently vulnerable. Later model versions will not be affected, as Yubico has stopped using the Infineon cryptographic library.

Now, it’s up to organizations themselves to make decisions on their YubiKey use. However, as NinjaLab’s researchers argue, authentication tokens like the FIDO hardware devices are used with the goal of fighting phishing attacks. The security flaw requires physical access to the device, expensive equipment, custom software and technical skills. Therefore, it is still safer to use a YubiKey to sign into applications than not to use one.