YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Sophisticated attack breaks security assurances of the most popular FIDO key.
You're viewing a single thread.
For the price they charge, they should be made so that opening the case will destroy the contents. They could have at least potted them.
Potted?
Encasing the circuit board in epoxy. It makes it very difficult to access components without destroying it. It's also great for water proofing and increasing the mechanical robustness.
Thanks! That makes a lot of sense.
No negatives listed on the Wiki page. Are there any? Does potting increase the likely hood of overheating?
There is potting compound with high thermal conductivity for things that produce a lot of heat. A YubiKey hardly uses any power, so heat should not be an issue.
The main downsides of potting are that it makes repair practically impossible and it can add a lot of weight if there is a large volume to be filled.
that makes sense. Thank you.
Potting Grrrr. My fancy track lighting has been potted. It sucks because absolutely no place (even China) sells the 48v LED driver with the odd body shape to bypass the internal mounting screws, and the potting means I can't access the board to desolder a resostor or something
Physical anti-tamper, while important for this type of device, wouldn't have helped for this particular attack. It's an electromagnetic side channel, so they don't even have to be touching the the thing to collect data.
