Skip Navigation

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

21 comments
  • It feels like this vulnerability isn't notable for the majority of users who don't typically include "Being compromised by a Nation-State-Level Actor."

    That being said; I do hope they get it fixed; and it looks like there's already mitigations in place like protecting the authentication by another factor such as a PIN. That helps; for people who do have the rare threat model issue in play.

    The complexity of the attack also seems clearly difficult to achieve in any time frame; and would require likely hundreds of man-hours of work to pull off.

    If we assume they're funded enough to park a van of specialty equipment close enough to you; steal your key and clone it; then return it before you notice...nothing you can do can defend against them.

21 comments