Well my 5C is old enough to be vulnerable, but it doesn't say anything about the discontinued Neo. I still use the Neo a lot, but since they stopped making it in 2018, should I upgrade it or is it still safe to use?

  • skim replied to this.

    Aeon Thanks for posting this alert. I'm sure many people here are interested.

      de0u

      My thinking exactly :-) I see a lot of people talking about Yubikeys and other hardware Tokens here on the forum :-)

      That's very interesting and disappointing. Is there any recommendations for a replacement option?

        chock-a-block as per yubico.com :

        Not Affected Products
        YubiKey 5 Series version 5.7.0 and newer

        YubiKey 5 FIPS Series 5.7 and newer (FIPS submission in process)

        YubiKey Bio Series versions 5.7.2 and newer

        Security Key Series versions 5.7.0 and newer

        YubiHSM 2 versions 2.4.0 and newer

        YubiHSM 2 FIPS versions 2.4.0 and newer

        Is it such a hot take to criticize that their firmware is proprietary and not upgradable? I assume this would be not a big deal if it was open source and they released a quick fix for everyone that gets flashed on next app launch... I'm also not sure it's a security advantage to avoid firmware upgrades as an attack vector, because once an exploit inevitably hits, there's nothing you can do except buy a new key (which most regular users won't do).

        chock-a-block Is there any recommendations for a replacement option?

        I'd say a current OnlyKey or Nitrokey as they come with open source and upgradable firmware, but maybe some downsides you don't like (e.g. OnlyKey comes without NFC capabilities).

        Oh, would this have been patchable with a simple firmware upgrade?

        I see claims on the internet that having upgradable firmware on a security key would pose a security risk in that an attacker could socially manipulate you into flashing a fake firmware upgrade. Allegedly this is what Yubico also believes. Please tell me, is there something inherently unique to FIDO2 keys that make it impossible for them to have secure and verifiable firmware upgrades?

        • de0u replied to this.

          An attacker with physical possession of the YubiKey could recover FIDO credentials.

          In order to exploit this issue against credentials made with strict user verification requirements via credential protection policy userVerificationRequired, an attacker would also need to have possession of the user verification (UV) factor as well (i.e. PIN or biometric).

          If the Yubikey models with firmware prior to 5.7 supported CTAP2.1, it would be possible for the user to manually set the property userVerification to required on the Yubikey itself, in order to avoid relying on the Relying Party (i.e. service) for this. Alas, only the latest Yubikey firmware supports CTAP2.1.

          fid02 Oh, would this have been patchable with a simple firmware upgrade?

          It sounds that way to me.

          fid02 I see claims on the internet that having upgradable firmware on a security key would pose a security risk in that an attacker could socially manipulate you into flashing a fake firmware upgrade.

          If firmware updates were properly signed and versioned that wouldn't work. That is the approach Google took with Pixels.

          But adding a firmware update path would add cost and risk: it would be more code, which itself might contain exploitable bugs.

          It seems Yubico decided the additional cost and risk were high compared to the benefit. Unlike Pixels, the devices are not all that expensive, so replacing them is not that unreasonable... except for one little issue.

          Right now lots of people probably want to replace a Yubikey or two or three... but if Yubico can't produce them infinitely fast, a lot of people may need to wait in line. If Yubico were one small manufacturer among many, and if organizations supported keys made by lots of manufacturers, that might not be a problem. But this might be a bit of a crunch situation.

          Luckily the attack (as understood so far) seems laborious and in-person and appears to work only after a user's other credentials are blown.

            7 days later

            Yes, while this seems like a considerable side channel attack, it's not one that really needs to be worried about for the majority of people. Since this is a vulnerability with FIDO authentication leading to key discovery, the scary title of "YubiKeys Cloneable!" isn't entirely accurate. The rest of the credentials on the key are safe, the whole key cannot be cloned, and triggering the use of the FIDO credential (i.e. logging in to the site with the FIDO cred) is required to actually make use of the side channel vuln.

            From the Ars Technica article:

            The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out only by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low. Roche said that two-factor-authentication and one-time password functionalities aren't affected: because they don't use the vulnerable part of the library.

            If this vuln scares you but you don't want to replace your key (and I would argue anyone except high risk individuals don't bother), simply invalidate all of your FIDO credentials and switch to password login. Lock that password with something on the YubiKey/some other secret. You lose the convenience of quick FIDO logins, but honestly I never liked FIDO-only single-factor login anyway (nor the thought that the website owner now knows I am using a FIDO key), so I never used it and am not affected by this security advisory :)

            Do note that if your FIDO credential is not the only factor in use, the hypothetical attacker must possess all of that information prior to executing this attack. If a username, password, PIN, face scan, or etc is required before your FIDO credential is used, the difficulty of the attack goes up.

              sev why would you be against a website owner knowing you use a FIDO key for authentication? I'm just curious, not criticizing.