Researcher finds unfixable but difficult-to-exploit bug in YubiKey

Some versions of the YubiKey, one of the most widely used hardware two-factor authentication (2FA) tools, are vulnerable to side-channel attacks.

Thomas Roche, security expert and co-founder of NinjaLab, discovered that the YubiKey 5 series devices have a cryptographic flaw that makes them vulnerable to cloning if an attacker gains temporary physical access to them.

Although this vulnerability cannot be fixed, it is very difficult to exploit.

Understanding how YubiKeys are used

YubiKeys are physical USB-based security devices developed by Yubico that provide an additional layer of protection when logging into online accounts. They are often used for 2FA and require a physical device in addition to a password to access your accounts.

YubiKeys are considered by many security experts to be one of the most secure hardware options for multi-factor authentication (MFA), particularly because they generally support the Fast Identity Online 2 (FIDO2) standard.

FIDO2 authentication, jointly developed by the FIDO Alliance and the World Wide Web Consortium (W3C), is based on public key cryptography, which is more secure than password-based authentication and more resilient to phishing and other attacks.

A side-channel vulnerability that went unnoticed for 14 years

While conducting a side-channel attack called EUCLEAK, Roche discovered a vulnerability in a cryptographic library used by many YubiKey products that allowed him to clone those devices.

A side-channel attack is an intrusion attempt that exploits the physical properties of a device or system to obtain sensitive information.

The researcher noted that the side-channel vulnerability, a cryptographic flaw in a library from Infineon Technologies, one of the largest manufacturers of secure elements, went undetected for 14 years and through around 80 top-level Common Criteria certification evaluations.

The researcher contacted Yubico before publishing his findings.

Affected YubiKey devices

In a public warning, Yubico acknowledged the vulnerability and stated that the following devices are affected:

  • YubiKey 5 series before version 5.7
  • YubiKey 5 FIPS series before version 5.7
  • YubiKey 5 CSPN series before version 5.7
  • YubiKey Bio Series before version 5.7.2
  • Security Keys Series before version 5.7
  • YubiHSM 2 before version 2.4.0
  • YubiHSM 2 FIPS before version 2.4.0

Newer versions are not affected.
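
A fleet check against the thresholds listed above, as an added example that is not from Yubico or the original article. It assumes an inventory export (constructed here) that records each device's product line under the names used in the list and its firmware version; the asset tags and sample versions are made up.

```python
import csv
import io

# First unaffected firmware per product line, taken from the list above.
FIXED_IN = {
    "yubikey 5 series": "5.7",
    "yubikey 5 fips series": "5.7",
    "yubikey 5 cspn series": "5.7",
    "yubikey bio series": "5.7.2",
    "security keys series": "5.7",
    "yubihsm 2": "2.4.0",
    "yubihsm 2 fips": "2.4.0",
}

# Constructed sample inventory (assumed export format, made-up tags and versions).
SAMPLE_INVENTORY = """series,asset_tag,firmware
YubiKey 5 Series,A-001,5.4.3
YubiKey 5 Series,A-002,5.7.0
YubiKey Bio Series,A-003,5.7
YubiKey Bio Series,A-004,5.7.2
YubiHSM 2,A-005,2.3.2
Security Keys Series,A-006,5.10.1
Other vendor token,A-007,1.0.0
YubiKey 5 FIPS Series,A-008,n/a
"""

def parse_version(text):
    """'5.7' -> (5, 7, 0). Numeric tuples avoid the string bug where '5.10' < '5.7'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def classify(series, firmware):
    """Return 'affected', 'not affected' or 'unknown' (unlisted line, unreadable version)."""
    fixed = FIXED_IN.get(series.strip().lower())
    if fixed is None:
        return "unknown"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown"
    return "affected" if version < parse_version(fixed) else "not affected"

def audit(inventory_csv):
    """Map each asset tag in the CSV inventory to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset_tag"]: classify(r["series"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for tag, status in audit(SAMPLE_INVENTORY).items():
        print(tag, status)
```

Devices reported as "unknown" need a manual look, since the list above says nothing about them.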

Sophisticated YubiKey exploit scenario

The key manufacturer stated that the vulnerability was “moderately severe.”

This is partly because it is relatively difficult to exploit. Roche used €11,000 worth of equipment for the EUCLEAK attack and had physical access to the device – two criteria that can be prohibitive.

Roche has described a typical attack scenario that could successfully exploit the YubiKey vulnerability:

  1. The attacker steals the login and password of a victim's FIDO-protected application account (e.g. via a phishing attack).
  2. The attacker gains physical access to the victim's device for a limited period of time without the victim noticing.
  3. Using the victim's stolen login and password (for a specific application account), the attacker sends the authentication request to the device as many times as necessary while performing side-channel measurements.
  4. The attacker silently returns the FIDO device to the victim.
  5. The attacker performs a side-channel attack on the measurements and manages to extract the private key of the Elliptic Curve Digital Signature Algorithm (ECDSA) associated with the victim's application account.
  6. The attacker can log into the victim's application account without the FIDO device and without the victim noticing. In other words, the attacker has created a clone of the FIDO device for the victim's application account. This clone grants access to the application account as long as the legitimate user does not revoke their authentication credentials.