Flutterby™! : YubiKey cloning

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

YubiKey cloning

2024-09-04 00:21:14.476165+02 by Dan Lyke 0 comments

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel if you have physical access to the device and the PIN.

So you probably shouldn't sweat it.

RT Michał "rysiek" Woźniak · 🇺🇦 @rysiek@mstdn.social

Ok, here's the deal on the "YubiKey cloning attack" stuff:

:eyes_opposite: Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.

But the attack *requires*:

👉 *physically opening the YubiKey enclosure*

👉 physical access to the YubiKey *while it is authenticating*

👉 non-trivial electronics lab equipment

I cannot stress this enough:

✨ In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one. ✨ #InfoSec #YubiKey5

[ related topics: Interactive Drama ]

comments in ascending chronological order (reverse):