A vulnerability in devices allows recovery of the primary encryption key and bypassing two-factor authentication.
French security researchers at NinjaLab have discovered a dangerous vulnerability (CVE-2021-3011) in the chips used in the Google Titan and YubiKey hardware security keys.
Exploitation of the vulnerability allows attackers to recover the primary encryption key (ECDSA algorithm) used by the hardware security key to generate cryptographic tokens and bypass two-factor authentication operations.
According to experts, the side-channel attack cannot be carried out remotely, over the Internet or over a local network. To exploit a Google Titan or Yubico security key, an attacker first needs to open the device’s case, which is quite difficult to do without damaging the plastic.
“The plastic housing is in two parts, which are firmly glued together and are not easy to separate with a knife, cutter or scalpel. We used a hot air gun to soften the white plastic and be able to easily separate the two body parts with a scalpel. The procedure is simple enough and, if done carefully, keeps the PCB safe,” the researchers noted.
The researchers said that by examining about 6,000 operations performed on the NXP A7005a microcontroller, the chip used in Google Titan security keys, they were able to recover the primary ECDSA encryption key used to sign every cryptographic token ever created on the device.
The vulnerability affects all versions of Google Titan, Yubico Yubikey Neo, Feitian FIDO NFC USB-A / K9, Feitian MultiPass FIDO / K13, Feitian ePass FIDO USB-C / K21, Feitian FIDO NFC USB-C / K40, as well as devices based on NXP JavaCard chips (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M364_DF, etc.).
The experts also noted that the hacking process usually takes several hours and requires expensive equipment and special software.