YubiKey cloning
2024-09-04 00:21:14.476165+02 by Dan Lyke 0 comments
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel if you have physical access to the device and the PIN.
So you probably shouldn't sweat it.
RT Michał "rysiek" Woźniak · 🇺🇦 @rysiek@mstdn.social
Ok, here's the deal on the "YubiKey cloning attack" stuff:
:eyes_opposite: Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.
But the attack *requires*:
👉 *physically opening the YubiKey enclosure*
👉 physical access to the YubiKey *while it is authenticating*
👉 non-trivial electronics lab equipment
I cannot stress this enough:
✨ In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one. ✨ #InfoSec #YubiKey5