#infineon — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #infineon, aggregated by home.social.
-
DAX-Check LIVE: Adesso, Aurubis, Delivery Hero, GEA Group, Hannover Rück, Hochtief im Fokus
Der DAX startet schwach in die Woche, nach -1,3 % am Freitag bleibt die Stimmung gedämpft. Haupttreiber sind…
#Hannover #Deutschland #Deutsch #DE #Schlagzeilen #Headlines #Nachrichten #News #Europe #Europa #EU #Ölpreise #Adesso #Aktienmarkt #Anleiherenditen #Dax #GeopolitischeRisiken #Germany #HannoverRück #Infineon #Niedersachsen #Rheinmetall #SAP
https://www.europesays.com/de/1010475/ -
https://www.europesays.com/at/150232/ Wie Rheinmetall, Allianz, Commerzbank, Infineon, BASF und Continental für Gesprächsstoff im DAX sorgten #Aktie #Allianz #ALV #AT #Austria #BAS #BASF #Business #CBK #Commerzbank #Companies #Companies&Markets #CON #Continental #DAX #IFX #Infineon #Markets #Märkte #Österreich #Perf #Rheinmetall #SK #Symbol #Unternehmen #Unternehmen&Märkte
-
https://www.europesays.com/at/149554/ Wie Rheinmetall, Allianz, Commerzbank, Infineon, BASF und Continental für Gesprächsstoff im DAX sorgten #Aktie #Allianz #ALV #AT #Austria #BAS #BASF #Business #CBK #Commerzbank #Companies #Companies&Markets #CON #Continental #DAX #IFX #Infineon #Markets #Märkte #Österreich #Perf #Rheinmetall #SK #Symbol #Unternehmen #Unternehmen&Märkte
-
Deutscher Hersteller im Aufwind: Infineon profitiert von KI und gestiegener Nachfrage https://www.computerbase.de/news/wirtschaft/deutscher-hersteller-im-aufwind-infineon-profitiert-von-ki-und-gestiegener-nachfrage.97219/ #semiconductor #Infineon
-
Wer profitiert in Deutschland vom KI-Boom?
Den KI-Boom treiben einige wenige US-Konzerne voran. Auch deutsche Unternehmen profitieren vom weltweiten Wettrennen um Künstliche Intelligenz. Welche sind das? Von Bianca von der Au.
-
Europe's microcontroller market leaders: Infineon, NXP, and STMicroelectronics
Three of five leading global microcontroller manufacturers are European; with Renesas and Microchip, they hold 80% of the market.
-
Mikrocontroller-Marktführer aus Europa: Infineon, NXP und STMicroelectronics
Drei der fünf weltweit führenden Hersteller von Mikrocontrollern sitzen in Europa; zusammen mit Renesas und Microchip halten sie rund 80 Prozent Marktanteil.
-
https://www.europesays.com/at/87545/ Infineon Aktie: KI-Offensive trifft US-Zölle #AI&Automation #AT #Austria #Business #Companies #Companies&Markets #DE0006231004 #Deutschland #Halbleiter #Infineon #INFINEONTECHAGNAON #Markets #Märkte #Österreich #Technologie #Unternehmen #Unternehmen&Märkte
-
https://www.europesays.com/at/86387/ Infineon Aktie: Mutige Preisstrategie #Analysen #AT #Austria #Business #Companies #Companies&Markets #DE0006231004 #Deutschland #Halbleiter #Infineon #INFINEONTECHAGNAON #Markets #Marktberichte #Märkte #Österreich #Unternehmen #Unternehmen&Märkte
-
https://www.europesays.com/at/84712/ Infineon Aktie: Makro trifft Momentum #Analysen #AT #Austria #Business #Companies #Companies&Markets #DE0006231004 #Deutschland #Halbleiter #Infineon #INFINEONTECHAGNAON #Markets #Marktberichte #Märkte #Österreich #Trading #Unternehmen #Unternehmen&Märkte
-
https://www.europesays.com/ie/357071/ AI Starting To Simplify Design Of Programmable Logic #Altera #AMD #Arteris #BayaSystems #Cadence #ChipAgents #compilers #DSPs #eFPGAs #Éire #fpga #FPGACompilers #FraunhoferIISEAS #IE #Infineon #Ireland #mentor #ProgrammableLogic #SiemensEDA #Synopsys #Technology
-
Bit-Rauschen, der Prozessor-Podcast: Das können Leistungshalbleiter
Ohne Leistungshalbleiter wäre unsere moderne Welt unmöglich. Was sie können und wo sie stecken, erklärt Folge 2026/4 des Podcasts Bit-Rauschen.
#BitRauschen #Halbleiterindustrie #Infineon #IT #Journal #news
-
Infineon AIROC ACW741x Wi-Fi 7 ultra-low power tri-radio IoT SoC family support MLO, Wi-Fi sensing, BLE 6.0, and Thread
-
Edgi-Talk machine learning development kit features Infineon PSOC Edge E84 Edge AI SoC (Crowdfunding)
-
Reicht das Wasser für Chips und Leute?
Und die Sachsen selbst verbrauchen weniger Wasser (ca. 95 Liter pro Kopf und Tag) als die Bundesbürger im…
#Dresden #Deutschland #Deutsch #DE #Schlagzeilen #Headlines #Nachrichten #News #Europe #Europa #EU #Dürre #GeologieundLandwirtschaft #Germany #Grundwasser #Halbleiterindustrie #Industriewasser #Infineon #LandesamtfürUmwelt #MDRWissen #Niederschlag #Sachsen #Trockenheit #Verdunstung #Wasserverbrauch
https://www.europesays.com/de/452340/ -
Infineon Technologies partners with LG Electronics and Hanwha NxMD to develop key SDV technologies and expand wireless communication solutions, accelerating its growth in the Korean market.
#YonhapInfomax #Infineon #LGElectronics #SDVTechnology #WirelessCommunication #AutomotiveSemiconductors #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=64388 -
Infineon Technologies partners with LG Electronics and Hanwha NxMD to develop key SDV technologies and expand wireless communication solutions, accelerating its growth in the Korean market.
#YonhapInfomax #Infineon #LGElectronics #SDVTechnology #WirelessCommunication #AutomotiveSemiconductors #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=64388 -
Infineon Technologies partners with LG Electronics and Hanwha NxMD to develop key SDV technologies and expand wireless communication solutions, accelerating its growth in the Korean market.
#YonhapInfomax #Infineon #LGElectronics #SDVTechnology #WirelessCommunication #AutomotiveSemiconductors #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=64388 -
Infineon Technologies partners with LG Electronics and Hanwha NxMD to develop key SDV technologies and expand wireless communication solutions, accelerating its growth in the Korean market.
#YonhapInfomax #Infineon #LGElectronics #SDVTechnology #WirelessCommunication #AutomotiveSemiconductors #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=64388 -
Infineon Technologies partners with LG Electronics and Hanwha NxMD to develop key SDV technologies and expand wireless communication solutions, accelerating its growth in the Korean market.
#YonhapInfomax #Infineon #LGElectronics #SDVTechnology #WirelessCommunication #AutomotiveSemiconductors #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=64388 -
Falschparken im Wald im #Landschaftsschutzgebiet mit Werbung für die #Feuerwehr hat schon was spezielles. Das Ordnungsamt kümmert sich eher „überschaubar“ um die Falschparkerschwemme im Umfeld der #Infineon Baustelle.
-
2.5 billion USD: Infineon to acquire Marvell's automotive Ethernet division
Infineon wants to enter the network business. The manufacturer is purchasing the basis for this for 2.5 billion US dollars.
#autonomesFahren #Auto #Elektroauto #Ethernet #Infineon #Marvell #Mikrocontroller #Wirtschaft #news
-
2,5 Milliarden USD: Infineon will Marvells Automotive-Ethernet-Sparte übernehmen
Infineon will ins Netzwerkgeschäft einsteigen. Die Grundlage dafür kauft sich der Hersteller für 2,5 Milliarden US-Dollar ein.
#autonomesFahren #Auto #Elektroauto #Ethernet #Infineon #Marvell #Mikrocontroller #Wirtschaft #news
-
Infineon Technologies to acquire Marvell's automotive Ethernet business for $2.5 billion, strengthening its position in software-defined vehicle market and future IoT technologies
#YonhapInfomax #Infineon #Marvell #AutomotiveEthernet #Acquisition #SoftwareDefinedVehicle #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=57693 -
Power chip companies like Renesas and Infineon are cutting jobs and reducing spending as slower EV market growth leaves them with excess capacity. #Renesas #Infineon #EVMarket #TechNews #JobCuts #ChipIndustry #ElectricVehicles #BusinessNews #TechEconomy
-
How to secure 🇪🇺’s technological sovereignty? Thanks to #ClemensFuest for the interesting exchange at #MSC25 with #HennaVirkkunen,
#LisandraFlach & #Infineon. Our learnings from the gas crisis add up to promoting cooperation, transparency, data availability & cost efficiency. -
Über 14 Millionen Euro soll der Ex-Geschäftsführer von Infineon Bipolar in Warstein veruntreut haben. Heute startet der Prozess.#Regio-Beitrag24102024 #StudioSiegen #Infineon #Warstein #LandgerichtArnsberg #Veruntreuung
Prozessauftakt: Ex-Infineon-Manager soll 14 Millionen veruntreut haben -
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.
The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.
But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/09/fwbifx/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc #EUCLEAK
-
USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.
The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.
But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/09/fwbifx/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc #EUCLEAK
-
USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.
The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.
But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/09/fwbifx/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc #EUCLEAK
-
USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.
The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.
But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/09/fwbifx/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc #EUCLEAK
-
Można klonować klucze Yubikey 5. Podatne są klucze z firmware < 5.7. Wymagany fizyczny dostęp.
Piekło zamarzło, Yubikey’e zhackowane – tak moglibyśmy opisać wczorajszy komunikat wydany przez Yubico, czyli producenta najpopularniejszych na świecie fizycznych kluczy bezpieczeństwa. Moglibyśmy, ale pomimo że jest w tym nieco prawdy, to nie ma powodu do paniki, przynajmniej dla większości użytkowników popularnych yubikey’ów. Dlaczego nie ma? Zacznijmy od teorii. Badacze z...
#WBiegu #Atak #EUCLEAK #Infineon #Klonowanie #SideChannel #U2f #Yubikey
-
Można klonować klucze Yubikey 5. Podatne są klucze z firmware < 5.7. Wymagany fizyczny dostęp.
Piekło zamarzło, Yubikey’e zhackowane – tak moglibyśmy opisać wczorajszy komunikat wydany przez Yubico, czyli producenta najpopularniejszych na świecie fizycznych kluczy bezpieczeństwa. Moglibyśmy, ale pomimo że jest w tym nieco prawdy, to nie ma powodu do paniki, przynajmniej dla większości użytkowników popularnych yubikey’ów. Dlaczego nie ma? Zacznijmy od teorii. Badacze z...
#WBiegu #Atak #EUCLEAK #Infineon #Klonowanie #SideChannel #U2f #Yubikey
-
Można klonować klucze Yubikey 5. Podatne są klucze z firmware < 5.7. Wymagany fizyczny dostęp.
Piekło zamarzło, Yubikey’e zhackowane – tak moglibyśmy opisać wczorajszy komunikat wydany przez Yubico, czyli producenta najpopularniejszych na świecie fizycznych kluczy bezpieczeństwa. Moglibyśmy, ale pomimo że jest w tym nieco prawdy, to nie ma powodu do paniki, przynajmniej dla większości użytkowników popularnych yubikey’ów. Dlaczego nie ma? Zacznijmy od teorii. Badacze z...
#WBiegu #Atak #EUCLEAK #Infineon #Klonowanie #SideChannel #U2f #Yubikey
-
英飞凌的 ECDSA 实现存在侧信道攻击漏洞;影响 Yubikey 5;攻击需要设备物理访问。
- Yubikey 5 系固件版本在 5.7.0 以下的设备及 YubiHSM 2 系固件版本在 2.4.0 的设备受到影响。
- 物理持有受影响设备的骇客或能够恢复设备中的 ECDSA 私钥;完成此攻击可能还需要设备 PIN 等信息。
- 用户可换用基于 RSA 的验证方式以规避此问题,组织则可考虑提高验证频率要求以使用户更早认知到 Yubikey 丢失情形。
https://ninjalab.io/eucleak/
1. yubico.com/~
linksrc: https://t.me/bupt_moe/2237
#Cryptography #Security #Yubikey #Infineon #EUCLEAK
Telegram 原文 -
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
EU Genehmigt 5 Milliarden Euro Staatshilfe für Halbleiterwerk in Dresden
Die Europäische Kommission hat am Dienstag eine deutsche Staatshilfe in Höhe von 5 Milliarden Euro genehmigt, die den Bau eines neuen Mikrochip-Werks in Dresden unters
https://www.apfeltalk.de/magazin/news/eu-genehmigt-5-milliarden-euro-staatshilfe-fuer-halbleiterwerk-in-dresden/
#News #Tellerrand #Dresden #ESMC #EUStaatshilfe #EuropischeTechnologie #Halbleiter #Infineon #MikrochipProduktion #NXP #RobertBosch #TSMC -
🍦 COOL: Automotive Supply Chain Risk Digest 393
https://go.elmanalytics.com/393M#Aptiv #automotive #automotiveindustry #auto #BMW #EV #GeneralMotors #Goodyear #GKN #HiPhi #Honda #Hyundai #Infineon #Intel #KarmaAutomotive #Magna #MercedesBenz #Natron #Nissan #NXP #Polestar #Renault #riskmanagement #Stellantis #STMicroelectronics #Subaru #supplychain #supplychainmanagement #Toyota #Volkswagen
-
💪 PREPPED: Automotive Supply Chain Risk Digest 392
https://go.elmanalytics.com/392M#Adient #Audi #Auto #AutoIndustry #AutoNews #Automotive #BMW #BYD #Constellium #Continental #EV #Evergrande #Ford #GeneralMotors #Infineon #JLR #Magna #MercedesBenz #MGMotor #Novelis #Porsche #RiskManagement #SAIC #Stellantis #SupplyChain #SupplyChainManagement #Tesla
-
💪 PREPPED: Automotive Supply Chain Risk Digest 392
https://go.elmanalytics.com/392M#Adient #Audi #Auto #AutoIndustry #AutoNews #Automotive #BMW #BYD #Constellium #Continental #EV #Evergrande #Ford #GeneralMotors #Infineon #JLR #Magna #MercedesBenz #MGMotor #Novelis #Porsche #RiskManagement #SAIC #Stellantis #SupplyChain #SupplyChainManagement #Tesla
