Two researchers at French security company NinjaLab found a vulnerability impacting chips used in Google Titan and YubiKey hardware security keys.
The flaw enables malefactors to recover the primary encryption key used by the hardware security keys to generate cryptographic tokens for two-factor authentication (2FA) operations.
The researchers said recovering the Elliptic Curve Digital Signature Algorithm (ECDSA) private key would let hackers clone Titan, YubiKey, and other keys to circumvent 2FA protocols, although attack severity is not as high as implied due to various factors, like the Google Titan key's tough plastic casing.
However, the NinjaLab researchers said that once hackers have access to the key's chip, a side-channel attack becomes possible, based on analysis of the chip's electromagnetic emissions while it processes cryptographic operations.
The researchers added that key recovery typically takes hours, and requires expensive equipment and custom software.
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA