"Crypto Vulnerability Allows Cloning of YubiKey Security Keys"

YubiKey security keys can be cloned through a side-channel attack involving the exploitation of a vulnerability in a third-party cryptographic library. The attack called "Eucleak" was demonstrated by NinjaLab. Yubico, the company behind YubiKey, has released a security advisory in response to this discovery. YubiKey hardware authentication devices allow users to securely access their accounts using FIDO authentication. The Eucleak attack exploits a vulnerability in an Infineon cryptographic library used by YubiKey and other vendors' products. The flaw lets an attacker with physical access to a YubiKey security key create a clone, which can then be used to access an account belonging to the victim. This article continues to discuss the flaw that enables the cloning of YubiKey security keys.

SecurityWeek reports "Crypto Vulnerability Allows Cloning of YubiKey Security Keys"

Submitted by grigby1

Submitted by Gregory Rigby on