FYI, YubiKey is apparently still selling old stock with firmware vulnerable to the EUCLEAK attack instead of disposing of them, as a reader of Fefe's Blog reported:
https://blog.fefe.de/?ts=99ccc8dc
>“The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack,” the company said in its security advisory. “Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.” But those aren’t necessarily deterrents to a highly motivated individual or state-sponsored attack.
> The attacker would need physical possession of the [key]... Depending on the use case, the attacker may also require additional knowledge including... PIN, account password, or authentication key.
If you already had both these things, any vulnerability in the key's firmware would be moot, surely? It's hardly a surprise that 2FA can be compromised by compromising both factors.
The vulnerability allows extracting the secret key from a vulnerable device. If I remember correctly, it's after a successful auth / sign flow, which requires the login/password of the target website.
I could give you my security key and you'll be able to login once. If you can extract the key, then you could login without the security key. In the context of a targeted attack, that could heavily change the impact.
If you're paranoid, of course, you're not going to trust a key that's left your possession, even if you get it back later. Once it's gone it should be revoked permanently.
It does. If you can get my yubikey off my keyring while it's in my pocket and put it back on without my noticing then I don't know how I can defend against that.
And you can store things like your PGP keys on there. I use mine for code signing, ssh, and encryption. For me it’d just be a PITA, since I don’t operate in a very sensitive or valuable area, but it could be a nightmare for someone who signs code a lot of people use, for example.
In addition to FIDO2, you can add a Java applet for OpenPGP (also open source), TOTP (https://github.com/JavaCardOS/Oath-Applet) and PIV/smartcard (open source as well). I tell you more - there are tons of JavaCardOS compatible applets available on github etc.
Note I'm talking "clone of the Arduino", not "Arduino-based clone of the YubiKey". My point was that if you don't need protection against key extraction, you can just get an ultra-cheap microcontroller and write code to do the crypto operations on them.
That's the point. Yubikey can charge a premium on the assumption that what it sells is secure. If it sells old stock with known issues, what's the point?
Also I returned my yubikey to my $work when my contract ended so I know at least Microsoft reuses these keys.
Is it the whole point? My understanding is that this attack requires physical access to the key. Would a compromised computer be able to extract the key without physically having the key? My understanding is that it wouldn't.
So having my private key on the Yubikey plugged into my computer is still safer than having the private key directly on the computer, right?
Yes, but my point is you could also have any ultra-cheap device plugged into your computer that can run general-purpose crypto software and talk via USB, or your phone.
> my point is you could also have any ultra-cheap device plugged into your computer that can run general-purpose crypto software and talk via USB,
But you would need this ultra-cheap device plugged into your computer to be resistant to your computer being compromised. Do you know such an off-the-shelf device?
> or your phone
Well your phone has a very large attack surface as compared to a Yubikey.
> You wouldn't have to pay > 50$ for a Yubikey.
Are you sure about that? I have a Nitrokey 3C NFC that cost more than my Yubikey, and the Nitrokey can be flashed from my computer. Meaning that if my computer is compromised, then my Nitrokey is compromised.
It's not clear to me that 50$ is expensive for a product that is not used by half the world and doesn't collect the private data of its users. I understand the frustration with the security issue, but I find it unfair to say "I would do better for < 1$".
The attacker would have to take the targeted YubiKey physically apart to get access to the Infineon chip. Then, after performing enough successful FIDO2 challenges (i.e. logins with phished credentials) they would need to put the device back together, and do so without the victim noticing that their YubiKey has been physically compromised.
The keys are tamper-evident.
The attack is not impossible, and surely fits within the capabilities of nation state actors. For the majority of other users it's a theoretical attack.
So in your threat model the attacker is someone who has the resources to target you individually (plausible for high-value targets), the capability and capacity to further develop the physical field attack kit (current cost at ~11k for lab condition hardware), and can haul around essentially a mobile electric oven - approximate size between a fusion splicer and a small 3D printer - to re-shell a decapped YubiKey.
I'm discounting the need to conduct phishing. That comes for free. I'll also give you that the victim may be rather unlikely to spot that their YubiKey has been replaced with a freshly manufactured copy.
For those kinds of capabilities you're still looking at nation state actors or very motivated enterprises.
Nation state actors have the resources to destroy me. Defending fully against them is cost prohibitive. I'll take basic actions to make it more expensive though.
My threat model is much less well-resourced actors who would happily sim-swap or password-stuff, etc, and there a Yubikey is enough to foil those attacks. I have locks on my doors to prevent random teenagers and miscreants from walking in, not to prevent people motivated enough to pick the locks, break a window, or go through a wall.
> My threat model is much less well-resourced actors who would happily sim-swap or password-stuff, etc, and there a Yubikey is enough to foil those attacks.
...whereas many users trusting the "industry’s #1 security key" pitch were relying upon a lot more.
As another commenter started to point out, the risk is essentially cloning the key. So, if you were out to dinner and it was cloned while you were out, you might not realize you'd been compromised whereas if it was stolen, it might too late, but you'd know. It seems that for many/most people the risk is low, but anyone at risk of a state sponsored attack should be aware.
For the threat model of keeping out random online attackers with no physical access, it seems this vulnerability doesn't matter.
Almost every known product maker makes procedures around having a vulnerable product and advertises it as 'securing your data has the utmost importance' while releasing a thick stream of security patches on the back of patches, more often than not making updates mandatory one way or the other.
'We may finish that later sometime after sales' kind of product development.
Not in this particular case. Here, it's more like "buy our new product if you care enough about the latest vulnerability; the old one is unpatchable by design".
Yeah, but what isn't ever(?) mentioned is, "other" ECC keys are (should be) impacted by this too, not just FIDO2, i.e. ECC smart card certificates if you're using those.
> Update: It's even more extreme, as a reader points out:
> Regarding the Yubikey story, it should be noted that they are currently so brazen as to sell off their stock of vulnerable keys instead of scrapping them. I recently ordered two of those things (the expensive FIPS version!) and what do I get delivered? The keys with the old, vulnerable firmware. The background seems to be that they are initially supplying authorities and other "prioritized" customers with the keys that have the new firmware.
And these YubiKeys aren't exactly cheap. You'd expect the price to cover whatever they have to do on their end so that you do not receive a known vulnerable device.
I agree that it would look bad if Yubico pretended to send patched keys and instead sent the vulnerable ones (which this anonymous reader seems to claim).
But I think it would deserve more than an anonymous, unverified claim. From what I see, on Yubico's store it says which version of the firmware I am ordering.
Off topic, but I'm so mesmerized, I can't help it -- the translation is just perfect, even though the original is rife with colloquialisms. Not too long ago, this was SciFi.
Oh, this is even more complicated -- getting FIPS certification is not a fast process, so the only FIPS-certified Yubikeys at present are the vulnerable ones. Their FIPS 140-3 certification process started... huh, yesterday, apparently:
FIPS certification is never the thing you want if you don't specifically need that certificate number. There are two certified firmware versions, 5.4.2 and 5.4.3, and if you get a FIPS key that's what you're getting.
I would gladly take an old stock yubikey at a discount - my threat model doesn't have a serious need for resistance to stolen keys, because at the user level they're unlikely to not notice them missing for long enough to successfully attack and then replace to a keychain.
The vulnerability, as another commenter mentions, is extremely hard to exploit and requires both physical access and the specific accounts to clone the key for.
That may be too much of a risk for enterprises, but as a personal security key? That seems like a completely reasonable choice to make.
But a software password manager on a compromised computer can be compromised, right? It feels like the secrets can't be extracted by a compromised computer: the attacker needs physical access to the Yubikey.
This sounds better than a software password manager, right? Or am I missing something?
No, I'm not. I've got a bunch of yubikeys locked in lockboxes when they're not in use, serving as trust anchors for internal PKI, but also using certificate logging. If one is compromised, there's a short window until it's known, and access to the box has a very small group of people. My threat model does not include "Insider under the watchful eye of two other insiders".
The attack is local, limited, and requires sophistication to pull off. For most people and most use-cases, this is a theoretical vulnerability rather than a real one.
While some users may need to buy updated YKs, perhaps having a tier of discounted "vulnerable" new old stock and more expensive patched new stock would make the most economic and utility sense.
> This vulnerability – that went unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations – is due to a non constant-time modular inversion.
The vulnerability is therefore that the secrets can be extracted without taking the YubiKey apart, by measuring timings, thus tricking you into thinking that your YubiKey is intact (but you were already compromised the moment you could not account for the location of the YubiKey). On the other hand, a well motivated adversary can take apart your YubiKey, extract the secrets through other means (every hardware key is vulnerable to this) and finally put together a new YubiKey, identical on the outside to your old YubiKey, with the same secrets.
The two scenarios are almost the same, unless you're biotagging your YubiKey (which only buys you knowledge that you've been compromised). If Yubico is selling these keys, it's because it would be too expensive for them to clearly label the firmware version on each YubiKey sold, for various reasons. I think this is a great opportunity for a competitor to arise, who hopefully allows flashing of the firmware, at a minimum. The Nitrokey seems like a good option <https://www.nitrokey.com/>.
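The quoted line names a timing side channel in modular inversion. As an added illustration (not code from the thread, from Yubico, or from the EUCLEAK write-up), the toy Python below shows the shape of that leak on small numbers: the textbook extended Euclidean inverse runs a number of loop iterations that depends on its input (in ECDSA signing that input is the per-signature nonce), while a fixed-iteration Fermat ladder runs the same count for every input. Function names are mine, and Python big-ints are not constant-time themselves, so this demonstrates only the iteration-count leak and its mitigation.

```python
"""Why a non-constant-time modular inversion leaks (added toy example).

Assumption: p is prime and 1 <= a < p, so both routines return a^-1 mod p.
The second element of each result is the loop iteration count, standing in
for what a power or timing trace would reveal about the operation.
"""


def egcd_inverse(a: int, p: int) -> tuple[int, int]:
    """Textbook extended Euclid. The number of division steps depends on a,
    which is the secret-dependent signal a side-channel observer measures."""
    old_r, r = a % p, p
    old_s, s = 1, 0          # invariant: old_r == old_s * a (mod p)
    steps = 0
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        steps += 1
    if old_r != 1:
        raise ValueError("not invertible")
    return old_s % p, steps


def fermat_inverse(a: int, p: int) -> tuple[int, int]:
    """Inverse as a^(p-2) mod p via a Montgomery ladder: every bit of the
    fixed, public exponent costs one square and one multiply, so the step
    count depends only on p, never on the secret a."""
    e = p - 2
    r0, r1 = 1, a % p        # invariant: r1 == r0 * a (mod p)
    steps = 0
    for i in range(e.bit_length() - 1, -1, -1):
        if (e >> i) & 1 == 0:
            r1 = (r0 * r1) % p
            r0 = (r0 * r0) % p
        else:
            r0 = (r0 * r1) % p
            r1 = (r1 * r1) % p
        steps += 1
    return r0, steps


def step_profile(inverse, p: int, secrets) -> set[int]:
    """Distinct iteration counts observed over candidate secrets.
    A one-element set means the operation count cannot tell inputs apart."""
    return {inverse(s, p)[1] for s in secrets}


if __name__ == "__main__":
    P = 65537                # small prime, constructed for the demo only
    sample = range(1, 200)
    print("extended Euclid step counts:", sorted(step_profile(egcd_inverse, P, sample)))
    print("Fermat ladder step counts:  ", sorted(step_profile(fermat_inverse, P, sample)))
```

Run it and the Euclid line prints several different counts while the ladder prints exactly one; that difference, accumulated over many signatures, is what a nonce-inversion side channel exploits and what a constant-iteration implementation removes.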
My experience with Nitrokey is different. I trust Yubico for my threat model, I just don't trust Nitrokey at all. They seem to have more products than employees and in my experience they have a history of advertising/selling features they don't have.
For those who downvote me, let me add some context. I count 14 employees in the company picture [1]. They say "up to 20 employees". I assume not everyone is a software developer.
They have 1. Nitrokey 2. NitroPhone 3. NitroTablet 4. NitroPad 5. NitroPC 6. NextBox 7. NitroWall 8. NetHSM which look like very different products. On top of this, they have consulting services and NitroChat (not clear to me if it is just a branded Matrix instance) and "Android FIDO SDK" (which for some reason points to https://hwsecurity.dev/, which doesn't exactly seem to be a Nitrokey product). That seems like a lot for 14-20 employees.
But then my experience was with the Nitrokey 3 NFC. They advertised all the main features that Yubikey had and accepted pre-orders. They claimed that the software was ready, in Rust and open source (!), and that it would just take a few months for the hardware. It took 2 years, and when I finally received my Nitrokey, none of the software was ready (it had just one feature, maybe FIDO?).
Finally, it is great that it is open source, but the fact that it is flashable does not sound like a security feature to me: doesn't it mean that an attacker could flash a malicious firmware on it from a compromised computer?
Flashing firmware makes it easier to compromise an unattended hardware key but as I said above every hardware key could be considered compromised in this sense. Pre-orders generally come with stipulations on when you receive the product and what it will be. NitroChat is them running a Matrix chat server for you, they probably intend to have integrations with their Nitrokey. The SDK mentions that it is "Offered in partnership with Hardware Security SDK by heylogin GmbH", the intent of heylogin GmbH is to charge you for commercial use of the SDK. Them having less than 20 employees makes sense, it's a niche market.
What it comes down to is that YubiKeys have better integration but Nitrokeys are more fun if you want to hack on them, and it's not really a matter of security. Note that smart cards in general can be used for the same purposes, e.g. Java Cards. USB keys do not require you to carry around a card reader.
> Flashing firmware makes it easier to compromise an unattended hardware key but as I said above every hardware key could be considered compromised in this sense.
Isn't there a difference between your compromised laptop being able to reflash your Nitrokey and your compromised laptop not being able to reflash your Yubikey, though?
> Them having less than 20 employees makes sense, it's a niche market.
Maybe, but they sell 8 different hardware products. Have you ever been involved in a hardware product? I have, and it feels like they must not put a lot of resources on them. Which is kind of proven in my experience with the fact that my Nitrokey arrived 2 years after I ordered it and by then, only a fraction of the software had been written.
The problem here is that depending on your threat model it might be important for customers to trust Yubico not to sell out against rich/powerful attackers. This behavior adds a datapoint that speaks against them, even if they are technically correct.
I do not expect a manufacturer of such hardware to be like: "Eh it is okay" when skipping the fix to their IC manufacturers fuckup saves them money, I expect them to go out of their way to protect their customers. Seen like this their refusal to replace compromised keys was already brazen, them selling compromised keys constitutes a breach of trust.
> Seen like this their refusal to replace compromised keys was already brazen,
Does it really sound crazy that they would not replace all the keys they ever sold? At that price, it feels like it's obviously part of the deal. If you want to buy a security key that will get audited every day by 10 experts and receive new versions delivered in your hands by approved staff, I guess you should expect to pay more than 50 bucks, right?
> them selling compromised keys constitutes a breach of trust.
Some anonymous reader of some blog claims it. It doesn't mean it's true, does it? From what I can see, it says on the Yubico store which version of the firmware I am getting. Can anyone confirm that they ordered the new version, received the old version and Yubico refused to exchange that?
Of course they would like to avoid replacing every (affected) key they ever sold if they don't absolutely have to. But if they sold cars and this was a defective airbag they would have been forced to replace them.
You as a manufacturer are responsible for the products you bring to market — don't want to recall your products? Then ensure they work and you don't put all your eggs in one basket.
In this case Yubico is very likely not legally bound to recall, but I made a case how this is an issue of trust. You know what would have been a good move? A deal where you can order a new one at strongly reduced prices if you can show you had an affected device, or something along those lines. Or selling the affected ones for cheap and giving the customers the choice. There are many ways to deal with that situation in a better way than they did and they decided to choose the one that helped their very short term bottom line the most.
As an owner of an affected Yubikey I have to say that the whole episode put a question mark behind their product for me. Not because it was affected, because of how they dealt with it.
What did they do? What I see is that I can't choose to order a key with an older firmware, and it explicitly says "firmware 5.7" everywhere I look.
> But if they sold cars and this was a defective airbag they would have been forced to replace them.
New cars have those electronic keys that work remotely (automatically close the door when you leave, automatically open when you arrive). There has been an increase of car thefts from those keys, because they are objectively less secure. Have you ever tried asking the car manufacturer to change the key for free? Or to sell you a new car at a strongly reduced price?
Is this really true? Looking at the Yubikey Shop I see that the purchase page explicitly states that the key is shipped with Firmware 5.7 (the fixed version). If a device is received with the old firmware, I would believe that this is not intentional and support would resolve the problem.
My understanding is that the blog post complains about the fact that there was a security vulnerability in Yubikeys and that Yubico doesn't exchange everything they have sold until now. But it makes sense to me: I buy a Yubikey at time T, with firmware F that by design cannot be modified. I don't buy a subscription that will provide me with an updated key every month, it's a one-off.
Until the security flaw was discovered, my keys were fine. So I paid 50$ per key for 4 years, I don't think it's exactly expensive. Now there are two questions for me:
1. Should I replace my keys? In my case, I don't think so (given my threat model)
2. Should I stop trusting Yubico? I don't think so. It doesn't seem like this flaw is due to a total incompetence from their part. If I stopped trusting software every time a critical flaw was discovered, I wouldn't use software anymore.
The blog post then goes on claiming that Yubico pretends that they sell keys with the updated firmware (on their store, it clearly says if I am ordering a key with firmware 5.7 or not) but sell keys with older firmware. That would be pretty bad from Yubikey, but the blog gives absolutely no proof. It could as well just be an empty claim to hurt Yubico's reputation, for what I see.
Hmmm. Not excusing Yubico if the report is accurate, but I ordered 4x 5C NFC to replace my old keys, and they shipped with firmware 5.7.1 which does not have that vulnerability. Perhaps because they got the FIPS version, which is actually less secure because of NSA-borked protocols, but required for government compliance, and probably sells in lower quantities. The 5.7 firmware was released in May and so new-old-stock of the vulnerable firmware should have rotated out a while ago.
If I consider buying a security token similar to a Yubikey, I'll try hard to buy one with open firmware, and preferably open enough hardware. Something that has been independently inspected, and something that allows me to load the firmware I control and can inspect. (The ability to only load it once would be fine; an ability to securely update it would be really nice.)
That's about the only advantage I see with Nitrokey. Support is terrible (in my experience) and they sell unfinished products while advertising features they don't have.
I have never reached a point where I could trust Nitrokey (I have a Nitrokey that I never used because after waiting 2 years to receive it, it still had none of the features that were announced when I ordered it).
Classic strategy. Market leader is closed source. Follower attempts to be open source to gain market share despite being behind in features and market.
Has this strategy ever worked? Gitlab went public, but it's barely a fraction of what GitHub is.
The password manager market does not have a dominant player like Github vs Gitlab (others). Actually this would be more true if you add non commercial offerings like Keychain passwords, Google passwords and Firefox (other browsers password managers).
Lastpass didn't have a majority at any time. And their decline is related more to their breaches and horrible practices. They are trying to be relevant now. They offered my university a free subscription for all students and faculty and still people don't even consider them. At least this is among people who consider password managers.
Also for bitwarden the controversy was about their SDK licence being proprietary but they re-licenced to open source [1]
For how new framework is they are actually pretty big on college campuses especially among engineering students in my experience. They're still a fairly new company in the scheme of things and I'd say the strategy is definitely not hurting them.
Yeah, not enough people care about open source right now. Maybe after this incident more will!
In any case you're right, if you try doing open source purely as a marketing tactic it may or may not work out. I think one good reason to do open source is because you believe it's more sustainable, or transparent, or just being decent to your customers.
My client was in the final stage of selecting security tokens.
They have contracts with administration and their tokens need to be secure.
I was strongly for yubikeys, now they will not be an option any longer.
It is not so much about the flaw, but about their handling of the broken security tokens, still claiming them to be somehow secure-ish.
Even if they offered us the new tokens, that wouldn't make a difference. Their claim to making the internet more secure for all, contradicts their attitude.
That seems really reactionary based on a single random report posted to HN. It’s worth actually verifying if this was intentional or accidental. They’re marketing the keys as having the new firmware. It would be really idiotic to do that and then intentionally ship old firmware. Anyone and everyone would be able to figure that out in an instant, and would severely damage their business.
I was in contact with a Sr. Customer Support Specialist from Yubico and I was not impressed by their denial of a problem.
The reason to get such a Hardware Token is that the private key cannot be extracted, even if the users lose it.
They have plausible deniability for fraud with the broken devices.
Claiming that this would not be a problem and trying to explain why it is not a problem without considering their client could be right, is pure arrogance.
Only a complete exchange of the whole management of yubico could save them, when they want to be taken seriously ever again.
And of course the new management should immediately offer a cost free exchange program.
They also refuse to swap out vulnerable keys for high security environments where customers require to "update or replace any system with known vulnerabilities."
And when you do order a single key from them be prepared for a barrage of passive-aggressive sales e-mail along the lines "I wanted to discuss your rollout plan".
The new set of keys I bought earlier this year are affected. Last time a vulnerability like this one was discovered, they sent me a new replacement key. It appears that's not gonna happen this time.
It might make sense for a product that is hard to patch due to a more complex manufacture to drain supplies before updating. For a security product that is known to be vulnerable it is not forgivable to keep shipping.
https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable...