Ars Technica - All Content

81 readers

71 users here now

All Ars Technica stories

founded 4 months ago

MODERATORS

[email protected]

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (arstechnica.com)

submitted 2 months ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 0 points 2 months ago* (last edited 2 months ago) (3 children)

There's a firmware update that fixes the vulnerability. Kinda moot as long as you do updates.

EDIT: Seems you have to buy a new key for that, but the difficulty of executing the vulnerability means it probably doesn't matter anyway.

[–] danski 2 points 2 months ago (1 children)

I thought these device's firmware were strictly read only and can't get updates.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

Apparently not.

EDIT: It seems they actually are? So I guess if you're at risk of having a national government try to break your security key, you should buy a new one.

load more comments (1 replies)