Lucky
Essential
- Joined
- 14.09.20
- Messages
- 97
- Reaction score
- 449
- Points
- 33
The vulnerability in the devices allows you to restore the primary encryption key and bypass two-factor authentication.
French security researchers at ninjalab have discovered a dangerous vulnerability (CVE-2021-3011) in the chips used in Google's Titan and YubiKey hardware security keys.
Exploiting the vulnerability allows attackers to recover the primary encryption key (ECDSA algorithm) used by the hardware security key to create cryptographic tokens and bypass two-factor authentication operations.
According to experts, an attack on third-party channels can not be carried out remotely, over the Internet or over a local network. To use the Google Titan or Yubico security key, an attacker must first open the device case, and it is quite difficult to do this without damaging the plastic.
"The plastic case consists of two parts that are firmly glued together, and they are not easy to separate with a knife, cutter or scalpel. We used a heat gun to soften the white plastic and be able to easily separate the two parts of the case with a scalpel. The procedure is quite simple and, with careful execution, allows you to keep the printed circuit board safe, " the researchers noted.
The researchers said that by examining about 6,000 operations performed on the NXP A7005a microcontroller, a chip used in Google's Titan security keys, they were able to recover the primary ECDSA encryption key to sign every cryptographic token ever created on the device.
Experts also noted that the hacking process usually takes several hours, requires expensive equipment and special software.
The vulnerability affects all versions of Google Titan, Yubico Yubikey Neo, Feitian FIDO NFC USB-A/K9, Feitian multipass FIDO/K13, Feitian ePass FIDO USB-C/K21, Feitian FIDO NFC USB-C/K40, as well as devices based on NXP JavaCard chips (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M59_DF, J3D081_M61_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF and J3E016_M64_DF).
French security researchers at ninjalab have discovered a dangerous vulnerability (CVE-2021-3011) in the chips used in Google's Titan and YubiKey hardware security keys.
Exploiting the vulnerability allows attackers to recover the primary encryption key (ECDSA algorithm) used by the hardware security key to create cryptographic tokens and bypass two-factor authentication operations.
According to experts, an attack on third-party channels can not be carried out remotely, over the Internet or over a local network. To use the Google Titan or Yubico security key, an attacker must first open the device case, and it is quite difficult to do this without damaging the plastic.
"The plastic case consists of two parts that are firmly glued together, and they are not easy to separate with a knife, cutter or scalpel. We used a heat gun to soften the white plastic and be able to easily separate the two parts of the case with a scalpel. The procedure is quite simple and, with careful execution, allows you to keep the printed circuit board safe, " the researchers noted.
The researchers said that by examining about 6,000 operations performed on the NXP A7005a microcontroller, a chip used in Google's Titan security keys, they were able to recover the primary ECDSA encryption key to sign every cryptographic token ever created on the device.
Experts also noted that the hacking process usually takes several hours, requires expensive equipment and special software.
The vulnerability affects all versions of Google Titan, Yubico Yubikey Neo, Feitian FIDO NFC USB-A/K9, Feitian multipass FIDO/K13, Feitian ePass FIDO USB-C/K21, Feitian FIDO NFC USB-C/K40, as well as devices based on NXP JavaCard chips (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M59_DF, J3D081_M61_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF and J3E016_M64_DF).