September 4, 2024 at 01:59PM A new “EUCLEAK” flaw affects FIDO devices, such as Yubico’s YubiKey 5 Series, using the Infineon SLE78 microcontroller, allowing attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys. The attack requires extended physical access and specialized equipment, limiting the risk to highly sophisticated, state-sponsored threat actors against high-value … Read more
September 4, 2024 at 01:51PM A new security flaw called “EUCLEAK” has been discovered in FIDO devices utilizing the Infineon SLE78 security microcontroller, such as the Yubico YubiKey 5 Series. The flaw allows attackers to extract secret keys and clone the FIDO device using a side-channel attack, requiring specialized equipment and a high level of … Read more
September 4, 2024 at 08:36AM NinjaLab demonstrated the Eucleak attack, exploiting a vulnerability in third-party cryptographic libraries to clone YubiKey hardware authentication devices. The attack requires physical access and equipment to extract the cryptographic key, but Yubico has issued a security advisory and implemented firmware updates to mitigate the issue. Infineon is also working on … Read more