#ysa_2024_03 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ysa_2024_03, aggregated by home.social.
-
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
(2 of 2) An outstanding question is: which other keys / firmware versions are affected? Likely any keys using Infineon SLE78, Optiga Trust M, orInfineon Optiga TPM plus the Infineon crypto libraries. I assume that Google's Titan keys have Google's own crypto libraries (but I don't actually know that).
Links:
Researcher:
https://ninjalab.io/eucleak/Infineon:
?Yubico (affected):
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://support.yubico.com/hc/en-us/articles/15705749884444-Infineon-ECDSA-Private-Key-Recovery-Customer-ResourcesGoogle (write their own firmware?):
?FEITIAN (Unaffected?):
From NinjaLAb writeup PDF: "Feitian explains that the Feitian A22 JavaCard has been updated years ago and
none of their products is impacted."Google (vulnerable hardware?)
https://infosec.exchange/@maxeddy/113092117674749246
"Also, Google confirmed to us that the current version of its Titan keys uses the SLE78 that NinjaLabs used in their attack. Google told us that it will start providing a version of the Titan that won't be vulnerable to the attack 'soon.' "HID (?):
?Kensington(?):
?Ledger (at least one report of using STMicroeelctronics, not Infineon):
?NitroKey (stated as unaffected in email):
https://gist.github.com/roycewilliams/4d100719f033cc1b1aa9fad084b74a97Nordic (?):
?Solo Keys (?):
?Thales (?):
?Thetis: (?):
?Trezor (at least one report of using Infineon):
?TrustKey (formerly eWBM)
(probably unaffected, own MCU)
https://www.trustkeysolutions.com/en/sub/product.form
(No official response link)Commentary:
https://abyssdomain.expert/@filippo/113074626948195938News/threads:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
https://infosec.exchange/@dangoodin/113074992609951759
"While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability."
https://news.ycombinator.com/item?id=41434500
https://securityboulevard.com/2024/09/fwbifx/
https://shkspr.mobi/blog/2024/09/some-thoughts-on-the-yubikey-eucleak-vulnerability/
https://www.wired.com/story/yubikey-vulnerability-cloning/
https://www.nytimes.com/wirecutter/reviews/best-security-keys/
Wallets and their secure element hardware:
https://bitcointalk.org/index.php?topic=5304483.0 -
Side channel in Infineon crypto library, affecting YubiKey firmware < 5.7 (which replaced that library with Yubico's own).
Post is thin on details, but claims the ability to access private ECDSA key and clone a FIDO device, with physical access, in a "few minutes". Claimed to affect any brand of key that uses Infineon's library and chipset, "due to a non constant-time modular inversion."
"Authentication tokens (like FIDO hardware devices) primary goal is to fight the scourge of phishing attacks. The EUCLEAK attack requires physical access to the device, expensive equipment, custom software and technical skills. Thus, as far as the work presented here goes, it is still safer to use your YubiKey or other impacted products as FIDO hardware authentication token to sign in to applications rather than not using one." [original emphasis]
"2. The new YubiKey firmware 5.7 update (May 6th, 2024) switches the YubiKeys from Infineon cryptographic library to Yubico new cryptographic library. To our knowledge, this new cryptographic library is not impacted by our work."
https://ninjalab.io/eucleak/
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdfCVE pending.
Edit: Yubico now has an announcement (YSA-2024-03).
https://www.yubico.com/support/security-advisories/ysa-2024-03/
Includes scope of products impacted. "The moderate vulnerability primarily impacts FIDO use cases because the FIDO standard relies on the affected functionality by default. YubiKey PIV and OpenPGP applications and YubiHSM 2 usage may also be impacted depending on configuration and algorithm choices by the end user. "
"In order to observe the vulnerable operation, the attacker may also require additional knowledge such as account name, account password, device PIN, or YubiHSM authentication key."Timeline is interesting and coordinated - Yubico was informed on April 19th, then new 5.7 firmware family entirely replacing Infineon libraries released for YubiKeys May 21st -- and then probably embargoed a few months for new firmware to roll out. YubiHSM update only announced yesterday, so looks timed to that as well.
Per-vendor and news/thread links here to minimize churn of this post:
https://infosec.exchange/@tychotithonus/113074603946027285