Home → News → Side-Channel Attack Can Recover Encryption Keys From... → Full Text

Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys

By ZDNet

January 19, 2021

[article image]

Two researchers at French security company NinjaLab found a vulnerability impacting chips used in Google Titan and YubiKey hardware security keys.

The flaw enables malefactors to recover the primary encryption key used by the hardware security keys to generate cryptographic tokens for two-factor authentication (2FA) operations.

The researchers said the Elliptic Curve Digital Signature Algorithm private key would let hackers clone Titan, YubiKey, and others to circumvent 2FA protocols, although attack severity is not as high as implied due to various factors, like the Google Titan key's tough plastic casing.

However, the NinjaLab researchers said a side-channel attack becomes possible once hackers have access to the key's chip, based on analysis of the chip's electromagnetic emissions while processing cryptographic operations.

The researchers added that key recovery typically takes hours, and requires expensive equipment and custom software.

From ZDNet
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found