KidM to Cybersecurity@sh.itjust.worksEnglish • 10 months agoYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comexternal-linkmessage-square3fedilinkarrow-up170arrow-down11cross-posted to: privacyguides@lemmy.one
arrow-up169arrow-down1external-linkYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comKidM to Cybersecurity@sh.itjust.worksEnglish • 10 months agomessage-square3fedilinkcross-posted to: privacyguides@lemmy.one
minus-square@sun_is_ra@sh.itjust.workslinkfedilinkEnglish32•10 months agoTLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability
minus-square@Telorand@reddthat.comcakelinkfedilinkEnglish4•10 months agoTo add: All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable. So if you bought your key from June onward, you are most likely in the clear.
TLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability
To add:
So if you bought your key from June onward, you are most likely in the clear.