Security Flaw Allows Attackers to Clone YubiKeys by Extract Private Key

Secure elements consist mainly of tiny microcontrollers, which provide service by generating and storing secrets and performing cryptographic operations.

Thomas Roche of NinjaLab finds a major security flaw in the crypto library of Infineon Technologies affecting a diverse range of secure elements and FIDO hardware tokens, including the popular YubiKey 5 Series.

The vulnerability, which is called EUCLEAK, capitalizes on a flaw in the implementation of ECDSA and involves a non-constant-time modular inversion operation.

While the flaw enables threat actors to clone devices by extracting secret keys.

Technical Analysis

Thomas said this security flaw enables attackers with temporary physical presence to recover the secure keys using an unethical practice known as Electromagnetic Analysis, which monitors power fluctuations to reconstruct a device’s internal workings.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

This vulnerability affects gadgets that are developed on Infineon SLE78 MCUs, including YubiKey 5 Series (firmware versions below 5.7), and extends even to new Infineon products such as Optiga Trust M and Trust Platform Module security chips.

Perhaps surprisingly, this vulnerability went undetected for 14 years despite undergoing about eighty high-level security common criteria certification schemes.

This vulnerability affects the YubiKey 5 Series and Security Key Series, as well as the YubiHSM 2 with firmware before 2.4.0.

Besides this, the CVE ID for the flaw is still in process, but got a CVSS Severity score of “4.9,” and has been tracked with the “YSA-2024-03,” tracking ID.

The implications are far-reaching, as a number of secure systems that use these components may potentially be put at risk, and the components include:- 

• Electronic passports
• Cryptocurrency hardware wallets
• Smart car systems
• Smart home systems

Although the attack is only possible with some physical access, special equipment, and some technical skills, it could enable threat actors to harvest FIDO devices and make copies of them which are robbing the devices of their main purpose, which is effective security against phishing.

Despite this vulnerability, the researchers pointed out that even using these compromised FIDO tokens would be better than having no hardware security measures in place.

Identify Your YubiKey Version

• Open the Yubico Authenticator application on your device.
• Locate the model and version of your YubiKey on the Home screen.
• The series and model will be listed in the upper left corner.
• Example: If your YubiKey is a YubiKey 5C NFC, the version might be 5.7.0.

Identify Your YubiHSM 2 Version

• Ensure you have the YubiHSM SDK installed on your system.
• Open your terminal or command prompt.
• Execute the following commands in sequence:-

• $ yubihsm-connector -d
• $ yubihsm-shell
• $ yubihsm> connect
• $ yubihsm> get deviceinfo

Exploiting the flaw requires physical possession of the device, and additionally, PIN codes or passwords must be available.

The vulnerability in question will mainly affect the use cases for FIDO and may have impacts on PIV and OpenPGP usage, depending on implementation.

The choice of algorithms might also influence the use of YubiHSM 2.

To avoid the risks mentioned above and keep the supply chain exposure to a minimum, Yubico has stopped using Infineon’s library in later firmware versions and implemented its own cryptographic solutions in the software.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!