YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Sophisticated attack breaks security assurances of the most popular FIDO key.
Edit: Yubico has issued a security advisory on the vulnerability https://www.yubico.com/support/security-advisories/ysa-2024-03/
You're viewing a single thread.
Its not much of a vulnerability, like locks, its not if it can be picked, it is how difficult it is to be picked, but the difference here is that the vulnerability is that a nation state actor, or a high capability actor can compromise it, and "it" being the thing that keeps your accounts safe.
So this is like the lock that protects all your accounts can be shimmed if it ever gets out of your control type of an issue, so not to stop using them, but to keep them secured or on your person at all times.
I hope YubiKey offers a fair upgrade program for their next series of keys and maybe a new FIDO Standard.