Side-channel vulnerability found in legacy Yubikey firmware

Infineon cryptographic library deprecated for Yubico’s own

Yubico has released a security advisory addressing a side-channel vulnerability in Infineon’s cryptographic library, which several Yubico devices use. These devices include the YubiKey 5 Series, Security Key Series, YubiHSM 2, and YubiKey Bio Series, which feature fingerprint biometrics.

The vulnerability stems from a flaw in the library's implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA), which allows attackers to recover private keys under specific conditions. However, the attacker would need physical access to the Yubico device, detailed knowledge of the targeted account, and specialized hardware to execute the attack.

The advisory highlights that the vulnerability primarily impacts FIDO use cases relying on cryptographic functionality for digital identity and access management (IAM). Other applications may also be affected, including PIV (Personal Identity Verification), OpenPGP, and YubiHSM 2.

This type of side-channel attack exploits physical indicators like electromagnetic emissions, execution time, and data caches to extract private keys.

Through this attack method, malicious actors can observe the time it takes for a cryptographic device to execute certain operations, particularly the modular inversion step, which is computed with the Extended Euclidean Algorithm.

Variations in timing can provide insight into the cryptographic process, including the temporary key (nonce) used in ECDSA, which could lead to the compromise of the private key.
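The data dependence described above can be seen by counting operations. The following is an added example, not code from Yubico, Infineon or the researchers: it inverts constructed sample nonces modulo the P-256 group order with the Extended Euclidean Algorithm and, for contrast, with a fixed-schedule Fermat inversion shown as a generic countermeasure. Function names and sample values are assumptions, and Python models operation counts only, not hardware timing.

```python
import hashlib

# Order of the NIST P-256 group (public curve parameter).
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def eea_inverse(k, n=N):
    """Invert k mod n with the Extended Euclidean Algorithm.
    Returns (inverse, division steps executed)."""
    r0, r1, t0, t1, steps = n, k % n, 0, 1, 0
    while r1 != 0:                      # loop length depends on the value of k
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
        steps += 1
    if r0 != 1:
        raise ValueError("k is not invertible modulo n")
    return t0 % n, steps

def fermat_inverse(k, n=N):
    """Invert k mod prime n as k^(n-2), square-and-always-multiply.
    Returns (inverse, modular multiplications executed)."""
    e, acc, mults = n - 2, 1, 0
    for i in reversed(range(e.bit_length())):
        acc = acc * acc % n
        prod = acc * k % n              # computed for every bit, used or not
        mults += 2
        # Models the fixed schedule only; firmware needs a branch-free select.
        acc = prod if (e >> i) & 1 else acc
    return acc, mults

# Constructed sample nonces (not real signing nonces).
SAMPLE_NONCES = [1, 2, N - 1] + [
    int.from_bytes(hashlib.sha256(b"constructed-nonce-%d" % i).digest(), "big") % N
    for i in range(5)
]

def step_profile(nonces):
    """Return (EEA steps, Fermat multiplications) for each nonce."""
    return [(eea_inverse(k)[1], fermat_inverse(k)[1]) for k in nonces]

if __name__ == "__main__":
    for k, (eea, fermat) in zip(SAMPLE_NONCES, step_profile(SAMPLE_NONCES)):
        print(f"nonce bits={k.bit_length():3d}  EEA steps={eea:3d}  Fermat mults={fermat}")
```

The Euclidean step count changes from nonce to nonce, while the Fermat schedule performs the same number of multiplications for every input.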

In response to this issue, the company has replaced Infineon’s cryptographic library with its own cryptographic implementation in the newer firmware versions (5.7.0 and later). To determine if a device is affected, users can use the Yubico Authenticator application to check the version and model of the YubiKey.

Patching is not feasible for the impacted YubiKeys. Devices running firmware versions before 5.7 cannot be updated, leaving them permanently vulnerable.

Manufacturers have suggested several mitigation techniques, such as transitioning to RSA keys, which are not susceptible to this vulnerability, strengthening access control, and enhancing FIDO attestation with additional controls like YubiOTP or PIV.

The security advisory follows research by Eucleak, which identified a vulnerability in the cryptographic library used in Yubico devices and other embedded cryptographic chips. This issue could potentially impact biometric passports that utilize ECDSA or similar algorithms for digital signatures.
