free@rss.ponder.catMB to Ars Technica - All Content@rss.ponder.catEnglish · 2 months agoYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comexternal-linkmessage-square4fedilinkarrow-up15arrow-down10cross-posted to: news@lemmy.linuxuserspace.showpulse_of_truth@infosec.pub
arrow-up15arrow-down1external-linkYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelarstechnica.comfree@rss.ponder.catMB to Ars Technica - All Content@rss.ponder.catEnglish · 2 months agomessage-square4fedilinkcross-posted to: news@lemmy.linuxuserspace.showpulse_of_truth@infosec.pub
minus-squareKickMeElmo@sopuli.xyzlinkfedilinkarrow-up1arrow-down1·edit-22 months agoThere’s a firmware update that fixes the vulnerability. Kinda moot as long as you do updates. EDIT: Seems you have to buy a new key for that, but the difficulty of executing the vulnerability means it probably doesn’t matter anyway.
minus-squaresprack@lemmy.worldlinkfedilinkarrow-up2·2 months agoAlso requires $11k in gear and physical access to the key.
minus-squaredanski@lemmy.worldlinkfedilinkarrow-up2·2 months agoI thought these device’s firmware were strictly read only and can’t get updates.
minus-squareKickMeElmo@sopuli.xyzlinkfedilinkarrow-up1·edit-22 months agoApparently not. EDIT: It seems they actually are? So I guess if you’re at risk of having a national government try to break your security key, you should buy a new one.
There’s a firmware update that fixes the vulnerability. Kinda moot as long as you do updates.
EDIT: Seems you have to buy a new key for that, but the difficulty of executing the vulnerability means it probably doesn’t matter anyway.
Also requires $11k in gear and physical access to the key.
I thought these device’s firmware were strictly read only and can’t get updates.
Apparently not.
EDIT: It seems they actually are? So I guess if you’re at risk of having a national government try to break your security key, you should buy a new one.