Tech & Gadgets

YubiKey FIDO authenticators can be exploited due to an unpatchable cryptographic flaw

All physical multi-factor authentication (MFA) keys that run on Infeneon’s SLE78 microcontroller are reportedly vulnerable to a cryptographic flaw that could allow malicious actors to clone the gadget and gain unrestricted access to restricted accounts. This includes the YubiKey 5, which is considered the most widely used hardware token based on the FIDO standard.

In a in-depth technical analysisResearchers from NinjaLab described how they discovered the flaw and what it means for those using the YubiKey 5. As explained, the SLE78 microcontroller implements the Elliptic Curve Digital Signature Algorithm (ECDSA) as its core cryptographic primitive. In short, ECDSA is a cryptographic algorithm used to create digital signatures, and if a hacker can read this signature, they can undermine the security of the entire token.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button