Rated of moderate severity, the flaw affects YubiKey 5 series and Security Key Series with firmware earlier than version 5.7, and YubiHSM 2 versions prior to 2.4.0. And the devices are impossible to patch.

Many enterprises rely on the YubiKey as a major part of their identity authentication strategy. It is one of the most popular and best-rated FIDO (fast identity online) hardware tokens for multi-factor authentication (MFA).

However, in a newly identified attack dubbed “EUCLEAK,” the USB-sized device has been found to be vulnerable to cloning when threat actors physically (temporarily) get their hands on it. This can allow them to access the user’s FIDO credentials via what’s known as a side-channel attack.

Yubico, which makes the small devices, issued an advisory about the flaw this week. The company also released an in-depth, 88-page report explaining the vulnerability, in conjunction with cryptography vendor NinjaLab.

Yubico described the flaw’s severity as “moderate.” But because firmware updating is not possible on the YubiKey, the token is also permanently vulnerable.

“It shows that secure elements are not perfect and that their security should continuously be challenged,” NinjaLab co-founder and report author Thomas Roche told CSO Online. “There are too few people looking at this.”

Keys considered more secure for MFA

Enterprises are increasingly implementing MFA to bolster their defenses against ramped-up cyberattacks. Keys are often considered more secure (and less expensive) than software tools, because if an attacker steals a user’s account credentials, they still require the token, which is (or should be) physically in the hands of its rightful owner.

“YubiKeys, like all FIDO hardware tokens, are a ‘factor of authentication,’” Roche explained.
“They can be a second factor (in addition to a login/password) or the unique factor (as in the recent passkeys).”

He explained in his report that the devices undergo the highest level of security evaluations that exist and are often considered “inviolable,” even in the worst-case scenarios. Thus, “complex secure systems build their security upon them.”

Cloning your device on the sly

Despite their wide use, however, they are clearly not impervious. With the newly-discovered YubiKey side-channel attack, threat actors can access leaked signals from a cryptosystem in the device.

Roche explained that side-channel leakages are due to the physics of a semiconductor and “cannot be avoided.” Preventing them requires specific, often costly countermeasures.

In a successful attack scenario, a bad actor would steal a user’s login ID and password (through phishing or other means), then gain physical access to their token without their knowledge. They would then send authentication requests to the token while recording side-channel measurements from it. Once the device has been returned, they can then launch a side-channel attack to extract the Elliptic Curve Digital Signature Algorithm (ECDSA) private key linked to the account. This then gives them undetected access.

“Let us assume an attacker is able to steal your YubiKey, open it to access the logic board, apply the EUCLEAK attack and then re-package the original YubiKey in such a way that you do not realize that you lost it in the first place,” said Roche. “Then the attacker can build a clone of your authentication factor — a copy of your own YubiKey. You feel safe when you actually are not.”

The cryptographic flaw that allows this exists in a small microcontroller in the device, and impacts all YubiKeys and Security Keys running firmware earlier than version 5.7 (which was released in May). It also impacts YubiHSM 2 versions prior to 2.4.0 (rolled out just this week).
Roche emphasized that attackers require physical possession of a key and the ability to view the vulnerable operation with often expensive specialized equipment. They may also require additional knowledge, including a user name, password or device VPN. Further, threat actors would have to have a sophisticated understanding of engineering to pull off such an attack.

CISOs should not be worried about EUCLEAK in the vast majority of cases, he noted. This is because the attack is typically “state-agency grade” and targets specific people. It is not “technically ultra complicated” but “logistically extremely difficult.”

“It requires a considerable effort for a single target and has to be re-applied for each target,” he said.

You can buy new keys (but that’s not the only option)

Users should check their YubiKey to see if it has been impacted. Roche advised that enterprises continue to use vulnerable devices rather than switching to alternative tools without security mechanisms.

While buying a new key is a viable option, there are other temporary mitigations. These include avoiding ECDSA altogether, opting instead for other low-level cryptographic algorithms such as Edwards-curve Digital Signature Algorithm (EdDSA), or the more tried-and-true public-key cryptosystem Rivest–Shamir–Adleman (RSA).

Another option is to enforce additional protocols such as PINs or biometrics. Signature and registration monitoring tools can also be used to detect cloned FIDO devices. This allows a FIDO-protected web service to invalidate requests and lock accounts if suspicious signals are detected, reducing the clone’s usability to a limited period of time.

Roche noted that, while this “nice mitigation” method is unfortunately not mandated, it is useful in identifying, blocking, and securing accounts.

Ultimately, he noted, it is still safer to use YubiKeys or other vulnerable products rather than not use one at all.
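
The PIN/biometric requirement and the clone-detection monitoring described above, sketched as a relying-party policy check (an added example, not code from Yubico, NinjaLab or the article). It assumes the monitored signal is the WebAuthn signature counter carried in authenticatorData and that the assertion signature has already been verified; Credential, check_assertion, make_auth_data and the sample values are hypothetical and constructed.

```python
import hashlib
import struct
from dataclasses import dataclass

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (PIN or biometric)

@dataclass
class Credential:
    rp_id: str
    sign_count: int       # last counter value accepted for this credential
    locked: bool = False  # set once a counter regression has been seen

def parse_auth_data(auth_data: bytes):
    """Split WebAuthn authenticatorData into (rpIdHash, flags, signCount)."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData shorter than 37 bytes")
    rp_id_hash = auth_data[:32]
    flags, sign_count = struct.unpack(">BI", auth_data[32:37])
    return rp_id_hash, flags, sign_count

def check_assertion(cred: Credential, auth_data: bytes, require_uv: bool = True) -> str:
    """Return 'ok', 'reject' or 'possible_clone' (assumed policy outcomes).
    Covers only the checks that follow successful signature verification."""
    rp_id_hash, flags, new_count = parse_auth_data(auth_data)
    if cred.locked or rp_id_hash != hashlib.sha256(cred.rp_id.encode()).digest():
        return "reject"
    if not flags & FLAG_UP or (require_uv and not flags & FLAG_UV):
        return "reject"
    # Counter rule: if either value is non-zero, the new one must be strictly
    # greater. A repeat or regression means two devices share one private key.
    if (new_count or cred.sign_count) and new_count <= cred.sign_count:
        cred.locked = True
        return "possible_clone"
    cred.sign_count = new_count
    return "ok"

def make_auth_data(rp_id: str, flags: int, count: int) -> bytes:
    """Build constructed sample authenticatorData (no extensions)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, count)

if __name__ == "__main__":
    cred = Credential(rp_id="example.test", sign_count=41)
    # Original key signs (42), clone signs (43), original signs again (43).
    for count in (42, 43, 43):
        data = make_auth_data("example.test", FLAG_UP | FLAG_UV, count)
        print(count, check_assertion(cred, data))
```

The third assertion trips the check because the original key and the clone advance their counters independently, which is what limits a clone to a short window of use.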