Security researchers discovered a flaw in Yubico's YubiKey and YubiHSM devices that could allow attackers to obtain private keys.
The flaw is present in older versions of the devices' firmware and affects the Infineon cryptographic library used in these products.
However, exploiting this vulnerability is difficult because it requires physical access to the device, specialized equipment, and advanced technical skills.
Yubico, the company behind YubiKey and YubiHSM, has confirmed the issue in question, but states that the attack is complex and unlikely to occur in everyday scenarios.
They have issued a security notice outlining the vulnerability, but do not intend to release a firmware update, putting some devices permanently at risk.
How the Attack Works
The attack, known as a side-channel attack, was discovered by NinjaLab' Thomas Roche in France.
It specifically targets the Elliptic Curve Digital Signature Algorithm (ECDSA) found in the affected devices.
Attackers can infer private keys by measuring how long it takes the device to perform specific cryptographic operations.
The attack is based on non-constant computing times during a specific mathematical operation known as modular inversion.
Most cybercriminals will be unable to carry out the attack because it requires physical access to the YubiKey, expensive equipment, and custom software.
Nonetheless, it poses a risk in high-security settings where such resources may be available.
Affected Devices
The vulnerability affects YubiKey 5, YubiKey 5 FIPS, YubiKey Bio, YubiHSM, and YubiHSM 2 devices with firmware versions prior to 5.7.2.
Products such as the Feitian A22 JavaCard, which also uses Infineon's cryptographic library, are equally vulnerable.
While Yubico does not intend to release a firmware update for the affected devices, they do recommend several countermeasures to mitigate the risk.
Users, for example, can enable PIN or biometric protection on their devices, making it more difficult for attackers to gain access.
Additionally, shortening FIDO session durations and using RSA keys for certain operations can reduce exposure to this vulnerability.
Yubico's most recent firmware, version 5.7 and above, no longer employs the vulnerable Infineon library.
The company switched to its own cryptographic library, which was unaffected by the discovered flaw.
Should you replace your YubiKey?
Given the attack's complexity, most users are unlikely to face significant risk.
Individuals who work in high-security environments or handle sensitive information should consider replacing their affected YubiKeys or YubiHSM devices.
Yubico has not provided a replacement program or discounted rates for new devices, leaving the decision to replace vulnerable keys to the user.