CVE-2024-45678
📋 TL;DR
This vulnerability allows attackers with physical access and specialized electromagnetic equipment to extract ECDSA secret keys from YubiKey 5 Series and YubiHSM 2 devices through a side-channel attack. The attack exploits non-constant-time modular inversion in the Extended Euclidean Algorithm, potentially enabling key cloning and impersonation. Affected users include anyone using vulnerable Yubico hardware security keys for authentication or encryption.
💻 Affected Systems
- Yubico YubiKey 5 Series
- YubiHSM 2
📦 What is this software?
Security Key C Nfc By Yubico Firmware by Yubico
⚠️ Risk & Real-World Impact
Worst Case
Attackers clone cryptographic keys, impersonate legitimate users, bypass multi-factor authentication, and decrypt protected data.
Likely Case
Targeted attacks against high-value individuals or organizations where attackers can obtain physical access to security keys and invest in specialized equipment.
If Mitigated
Minimal impact if keys are properly stored, physical access is controlled, and devices are promptly updated.
🎯 Exploit Status
Exploitation requires physical access to the device, expensive electromagnetic analysis equipment (estimated $10k-$100k), and technical expertise in side-channel attacks. The research paper demonstrates successful key extraction.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: YubiKey 5 Series firmware 5.7.0+, YubiHSM 2 firmware 2.4.0+
Vendor Advisory: https://support.yubico.com/hc/en-us/articles/15705749884444
Restart Required: No
Instructions:
1. Check current firmware version using YubiKey Manager or YubiHSM tools.
2. For YubiKey 5 Series, update to firmware 5.7.0+ via YubiKey Manager.
3. For YubiHSM 2, update to firmware 2.4.0+ using YubiHSM tools.
4. Note: Firmware updates may require re-enrollment of keys and credentials.
🔧 Temporary Workarounds
Physical Security Controls
Implement strict physical security measures to prevent unauthorized access to hardware security keys.
Key Rotation
Regularly rotate cryptographic keys and credentials stored on vulnerable devices.
🧯 If You Can't Patch
- Implement enhanced physical security controls for device storage and handling
- Consider replacing vulnerable devices with updated hardware if critical security is required
🔍 How to Verify
Check if Vulnerable:
Use YubiKey Manager (ykman) command: ykman info | grep 'Firmware version'. For YubiHSM 2: yubihsm-shell --version
Check Version:
ykman info (YubiKey) or yubihsm-shell --version (YubiHSM 2)
Verify Fix Applied:
Confirm firmware version is 5.7.0 or higher for YubiKey 5 Series, or 2.4.0 or higher for YubiHSM 2
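The version comparison described above, as an added example (not from Yubico or the original page): it reads the `Firmware version` line that `ykman info` prints and compares it numerically against the fixed releases listed here. The product labels `yubikey5` and `yubihsm2`, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firmware versions with the fixed releases on this page.

# Read `ykman info` text on stdin and print the firmware version.
# Fails (status 1) when no "Firmware version" line is present.
parse_fw() {
    sed -n 's/^Firmware version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' |
        head -n 1 | grep .
}

# version_lt A B: succeeds when dotted version A is lower than B.
# Fields are compared as numbers, so 5.12.1 is not lower than 5.7.0.
version_lt() {
    a=$1; b=$2; old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]; return; fi
    [ "$a3" -lt "$b3" ]
}

# check_device PRODUCT VERSION: prints "vulnerable", "fixed" or "unknown".
# PRODUCT is "yubikey5" or "yubihsm2" (labels chosen for this example).
check_device() {
    case $1 in
        yubikey5) min=5.7.0 ;;   # fixed release for YubiKey 5 Series
        yubihsm2) min=2.4.0 ;;   # fixed release for YubiHSM 2
        *) echo unknown; return 0 ;;
    esac
    case $2 in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;  # missing or malformed
    esac
    if version_lt "$2" "$min"; then echo vulnerable; else echo fixed; fi
}

# Constructed sample of `ykman info` output (not captured from a real device).
SAMPLE_INFO='Device type: YubiKey 5 NFC
Serial number: 12345678
Firmware version: 5.4.3
Form factor: Keychain (USB-A)'

fw=$(printf '%s\n' "$SAMPLE_INFO" | parse_fw) || fw=
echo "sample YubiKey firmware ${fw:-?}: $(check_device yubikey5 "$fw")"
```

On a host with YubiKey Manager installed, pipe real output through the same function with `ykman info | parse_fw`.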
📡 Detection & Monitoring
Log Indicators:
- Unusual physical access to secure areas where hardware keys are stored
- Multiple failed authentication attempts followed by successful access from a new device
Network Indicators:
- Authentication from unexpected locations or devices using previously registered keys
SIEM Query:
Authentication events where device fingerprint changes but cryptographic credentials remain the same
🔗 References
- https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/
- https://news.ycombinator.com/item?id=41434500
- https://ninjalab.io/eucleak/
- https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
- https://support.yubico.com/hc/en-us/articles/15705749884444
- https://www.yubico.com/support/security-advisories/ysa-2024-03/