Avatar
Renaud Lifchitz 1y ago

EUCLEAK - Extraction of the ECDSA #secret #key of #Yubikey 5 series FIDO devices

https://ninjalab.io/eucleak/

Reply to this note

Please Login to reply.

Discussion

Avatar
jimbocoin πŸƒ 1y ago

Does it require physical access to the device?

Avatar
Renaud Lifchitz 1y ago

Yes, it is written:

"The attack requires physical access to the secure element"

Avatar
jimbocoin πŸƒ 1y ago

Thanks, then I don’t see how this is newsworthy.

If you have physical access to the Yubikey, you can just tap it to get it to sign. No exfiltration necessary.

Avatar
Renaud Lifchitz 1y ago

This allow the cloning of the key, with no trace

Avatar
dannybuntu 1y ago

Thank you for sharing.

Avatar
dannybuntu 1y ago

resharing on twitter. i mean x