Conversation

✧✦✶✷Catherine✷✶✦✧

Edited 16 days ago

saying "it's not surprising that a yubikey falls victim to a side channel attack" is the same kind of silly as saying "it's not surprising that a c codebase is remotely exploitable": it's currently the norm, but it really shouldn't be

also it means nothing that it costs $12,000 today. today it's $12,000, tomorrow someone ports it to a $12 devkit, like it happened with carjacking for example. on a quick glance, the attack itself seems like it'd allow that

if it starts costing $12, then your controlling husband might decide to do it behind your back, which is how the attacker would have physical access and know both login and password; great way to monitor your spouse's emails in a largely unnoticeable way

i think it's fairly important

@whitequark Has anyone demonstrated a cheaper version of the similar side-channels on other hardware keys? Not saying it isn't bad, but there's still a fundamental difference between "if you get connected to the CAN you can drive the car away", and "if you can get a high performance oscilloscope probe directly onto the package, and you already have the first factor authentication, and the device pin, you can extract the key".

@dotstdy i actually meant the type of attack where you relay a proximity car keyfob using a pair of high speed radios. i recall that it used to require specialist hardware but was eventually ported to one of those $50 TI devkits

re: the question: not to my knowledge, but i don't want to count on "nobody has done it publicly yet" for something that can be fixed in firmware

re: device pins: i wonder how many people actually use those in the first place vs relying on it being a piece of hardware?

@whitequark They're also to a degree, physically secure devices. So in order to be unnoticed the attacker would need to be able to deconstruct the device without damaging it, and then re-construct it in a plausible way. The second step in particular is not easy since yubikeys are a single piece of molded plastic. They don't have seams. (Whether people would notice seams appearing on their own device? hard to say)

@dotstdy oh, you're right, i completely missed that detail

that said, @dotstdy points out that you'd have to take it apart and then put it back together, which i completely blanked out on (for some reason i thought you could do it without modifying the device), and which probably makes the scenario i described above irrelevant

@whitequark undeniably true. I'd also add that these attacks, while pretty niche, do attract attention to a platform which was previously deemed "unbreakable".

In many ways this is similar to how work by people in the 90s (TESO, for example) drew my attention to µcode and John Heasman's work on ACPI to NIC firmware. Now look at the µcode panorama where you have an attack a day or firmware where there's an attack an hour (OK, sort of)

Nothing like breaking a myth.

@whitequark Yeah I mean, if you could side-channel it through the packaging, then I would be with you. OTOH if you could accurately side-channel in that manner I'm pretty sure you've got *huge* issues across basically every device that exists.

@whitequark irrelevant now and, also, putting it back together does not mean you cannot fool a certain level of victims - trust is always the core of the issue.

We trusted Yubikey to be secure, we told everyone it was The Thing for security, now what do we do? Do we start saying "actually…" - that doesn't work, people ignore every single "actually" or more sophisticated explanation about literally everything.

@dotstdy

@whitequark incidentally, there is a beautiful parallel which I always make when discussing security and "1st papers about an attack": the so-called "nth country problem".

This is an issue in nuclear proliferation which, in a few words, says that the nth country to become a nuclear power has the benefit of knowing that it works, and what works (unlike the Manhattan Project which started on the basis of pure theory).

The "nth country problem" was actually tested by the USA by giving three Physics PhD students access to all open literature on nuclear weapons and asking them to design a weapon. They did and analysis by LANL weapons designers actually showed that it would go b00m.

Hence, even if the 1st paper is extremely unlikely (compare to the Trinity test of the Pu implosion device - there was quite a bit of uncertainty that it would work) it does not mean that it cannot be done.

@cynicalsecurity @whitequark This is, a bit of a take. If you "trust" anything to be perfectly secure (or perfectly anything), for all time, then you're just setting yourself up for disappointment. The problem here is just that it's a significant reduction in the cost of physically extracting a key from a hardware device (but not by any means, a reduction to zero). Fortunately as an individual you can trivially rotate your hardware tokens, and the side-channel is gone.

@dotstdy I am bringing the social issue to the forefront: we, as in the Security Theatre Company, have said that Yubikey is The Secure MFA to the great unwashed masses. We might have set ourselves up for a bit of a problemette in the same way we spent ages telling everyone "if there's a pretty green lock then the website is secure" and then came Let's Encrypt…

Your statement "Fortunately as an individual you can trivially rotate your hardware tokens, and the side-channel is gone." is dangerously skewed to technologically savvy people, and this is what causes problems.

@whitequark

@whitequark I try to avoid bragging but my work on Broadcom NICs in 2007-2008 pointed [non state-sponsored, open research] people to firmware and "bits of software we didn't think were around our machines".

It was a lot of work which targeted a very specific Broadcom NIC with very low probability of working on different models, required it to be based on MIPS, etc. etc.

Now, in 2024, pretty much everyone assumes that firmware is, by default, insecure unless otherwise proven.

The same goes for µcode - talking about "nasty MOV" opened the floodgates (I specifically gave credit to TESO for the K8 µcode dump).

@cynicalsecurity @whitequark For the vast majority of people, the security model of a yubikey is not changed at all by this issue. For anybody who is at risk from attackers with advanced capability, then it does potentially change things, but not really any more than their unique threat situation already voids generic advice. (and even with an old key, it's also just like "keep an eye out for evidence of physical tampering") So I feel a lot of the hand-wringing is a bit over-cooked.

@dotstdy the security model is not affected _now_ but the aura of "unbreakability" has been broken. That is what matters and what attracts more and more attention which, statistically, means we might be in for a rough ride.

@whitequark

@cynicalsecurity @whitequark Keep in mind too, that often people are mixing and matching sophistication levels to drive a narrative. If I had access to your yubikey, pin and first level authentication, I would simply log into your email and enroll a second yubikey, then delete the "hey you enrolled a new key" email. Then I wouldn't even need the time to disassemble and reassemble your key, an hour or so of scope time, a few hours of offline processing in the first place.

@cynicalsecurity @whitequark If I was feeling really clever I would replace the credentials for your backup key, rather than just adding a third. That way it'd survive even a cursory check of "what keys do I have enrolled in this account" unless you were mentally keeping track of the public keys for your enrolled hardware.
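Added example, not code from anyone in this thread: an audit of the security keys an account lists against an inventory the owner keeps offline, keyed on the public key rather than the display label, so the "backup key re-registered under the same name" case described above is reported as a replacement rather than passing a cursory check. All credential values are constructed placeholders.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    """One security key as the account lists it (all values constructed)."""
    label: str          # display name shown in the account's key list
    credential_id: str  # credential ID, placeholder string
    public_key: str     # public key, placeholder string; the identity we trust


def audit(enrolled, inventory):
    """Compare the account's key list with a trusted inventory.

    Returns {"added": [...], "removed": [...], "replaced": [(old, new), ...]}.
    A key whose label matches a trusted entry but whose public key differs,
    while the trusted key itself is gone, is reported as replaced, not added.
    """
    inv_by_key = {c.public_key: c for c in inventory}
    enr_keys = {c.public_key for c in enrolled}
    inv_by_label = {c.label: c for c in inventory}
    added, replaced = [], []
    for cred in enrolled:
        if cred.public_key in inv_by_key:
            continue  # known and trusted
        known = inv_by_label.get(cred.label)
        if known is not None and known.public_key not in enr_keys:
            replaced.append((known, cred))  # label kept, key swapped
        else:
            added.append(cred)
    swapped_out = {old.public_key for old, _ in replaced}
    removed = [c for c in inventory
               if c.public_key not in enr_keys and c.public_key not in swapped_out]
    return {"added": added, "removed": removed, "replaced": replaced}


# Constructed sample: the trusted inventory the owner keeps offline.
INVENTORY = [
    Credential("primary", "cred-id-A", "pubkey-A"),
    Credential("backup", "cred-id-B", "pubkey-B"),
]

# Constructed sample: what the account lists after the "backup" entry was
# re-registered with a different key under the same label.
ACCOUNT_VIEW = [
    Credential("primary", "cred-id-A", "pubkey-A"),
    Credential("backup", "cred-id-X", "pubkey-X"),
]


def demo():
    """Run the audit on the constructed samples."""
    return audit(ACCOUNT_VIEW, INVENTORY)
```

A label-only comparison of the two lists above reports nothing; the public-key comparison reports one replaced entry.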

@dotstdy I think you are still missing my point - my point is exquisitely based on social engineering and a harsh critique of the behaviour of the security industry in declaring something "Safe" and "The Answer" without thinking about medium and long-term implications.

Have we been saying that Yubikey is the dog's bollocks for MFA? Yes.
Have we been telling everyone "¡Yubikey o muerte!"? Yes.
Is this a good idea? No because absolutes are there only to be proven wrong, especially in the security sphere.

I don't care how complex the attack is _now_ or how many alternatives there are, I care about the pedestal on which we repeatedly put technology which then fails us and we have an immensely complicated job to undo our hyperbolic statements on the security of whatever is the security-thing-du-jour.

@whitequark

@cynicalsecurity heh. for me the turning point was a friend REing Galaxy S2's RIL

@whitequark I cherish those moments, I don't know about you but reading someone's research which might be somewhat tangential and then starting to think about "oh, what if I did…". The whole brainstorm which follows is infinitely gratifying.

@cynicalsecurity @dotstdy @whitequark can you provide a bit more context on the problem with https and Let's Encrypt?

@bgergely0 for years, prior to the existence of Let's Encrypt for certificates, the security industry advertised "the lock" as a measure of security of a website and, worse, trust.

As obtaining a certificate cost $$ at the time it was unlikely to be used by criminals, at least not at volume, meaning that they would stick with plain HTTP and, therefore, "the lock" meant "trust the site".

Then Let's Encrypt came around which meant that creating any site with "the lock" became trivial.

Oops.

You have a population of users brought up on the false security of "the lock" meaning "trust" that you now have to teach that "the lock" means literally nothing to them (there is no point trying to explain encryption to the user population, it makes zero difference to them).

@dotstdy @whitequark

@cynicalsecurity

IMO a major difference here is that TLS auth was never meant to guarantee anything about the intentions of the other party, so crooks obtaining certs (for money or free) is not something to be fixed. This means that communicating that lock==trust has been plain wrong (see also signed .exe==goodware).

In the case of security keys, attacks like the current one aren't supposed to happen and there is an incentive to fix/prevent such issues. This of course should not mean that we should blindly trust these devices (as you pointed out) but I'd argue that the concepts the industry communicates (separate your keys from your computer; prevent duplication...) are mostly right in this case ("save your keys in the cloud" is an obvious counter example).

@bgergely0 @dotstdy @whitequark

@buherator well no, I disagree, the message of the main SSL certificate vendors was very much "the lock means trust" and this is what people were taught.

The fact that the "communication" (or, better, "the marketing lie") went out is both despicable and a nightmare we still have to deal with.

My gripe about absolutes in the Security "Industry" remains: "this is secure" is one thing, "trust this" is another. Trust is fickle and should not be given just because a vendor / group of vendors / industry association / with a vested interest says so (another fine example would be TPM).

So my point with respect to Yubikey still stands: it is touted by many as "The Answer" to secure logins. It is _an_ answer, it might be vulnerable, etc. etc.

@bgergely0 @dotstdy @whitequark

@buherator to clarify further:

* the statement: "we use Yubikey to improve the security of our login process making it harder for criminals to access your account" is a valid one.

* the statement: "we use Yubikey to make our logins impossible to abuse" is not a valid one.

The vast majority of the industry is only able to emit the latter and continues emitting the latter.

@bgergely0 @dotstdy @whitequark

@cynicalsecurity @dotstdy @whitequark

I have never heard anyone worth their salt say that *anything* is perfectly secure.
"Anything can be hacked, and anyone" has always been a fundamental principle of InfoSec.

People speaking of "perfect security" are likely the same that think blockchain will fix all economic problems and AI will fix the rest.
Techbros, Marketing people, sales people.
NOT InfoSec professionals. At least not respectable ones.

@Bartmoss_h4x0r since when does the majority of _normal_ users listen to or actively seek out respectable professionals?

The marketing is, unfortunately, a much stronger voice.

@dotstdy @whitequark