"The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday."
well duh, that's the whole point of it?
i think the fingerprint enabled devices have a countermeasure that they require a fingerprint match to work but that can also be spoofed much the same as an electrical fucking contact
TL;DR: keep your yubikey on you at all times ffs
nostr:nevent1qyghwumn8ghj7mn0wd68ytnvv9hxgtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7qgkwaehxw309a5xjum59ehx7um5wghxcctwvshszxthwden5te0wfjkccte9ehx7umhdpjhyefwvdhk6tcqypmsh5pgfgj3r0j57q7xqevn6u6myxpt8lksk8wsthnm3fmnytz02s35vcs
the more concerning part is that this applies to other infineon chips like smart cards
Please Login to reply.
this doesn't include NFC capable devices like credit cards tho?
they also share the same crypto libs, but those use symmetric crypto usually
