More

    YubiKey FIDO authenticators could be abused through unpatchable cryptographic flaw



    All physical multi-factor authentication (MFA) keys that work on Infeneon’s SLE78 microcontroller were said to be vulnerable to a cryptographic flaw which allows threat actors to clone the gadget and gain unabated access to restricted accounts. This includes the YubiKey 5, considered the most widely used hardware token based on the FIDO standard.

    In an in-depth technical analysis, researchers from NinjaLab described how they discovered the flaw, and what it means for those using YubiKey 5. As explained, the SLE78 microcontroller implements the Elliptic Curve Digital Signature Algorithm (ECDSA) as its core cryptographic primitive. In short, ECDSA is a cryptographic algorithm used to create digital signatures, and if a hacker is able to read this signature, then they are able to undermine the security of the entire token.

    https://cdn.mos.cms.futurecdn.net/WHhUf5P2fTpynRiAvDqLcB-1200-80.jpg



    Source link

    Latest articles

    spot_imgspot_img

    Related articles

    spot_imgspot_img