Raf G
fiqus.bsky.social
An Agilist Dadgineer, teacher, journalist, consultant, hacker, vegan, KiwiBrit & creative. Microblogs represent my own views. http://mastodon.social/@fiqus (bridged: @fiqus.mastodon.social.app.brid.gy)
Reposted by Raf G
NinjaLab found the side channel when putting the Yubikey 5 through its paces. Yubico has confirmed the vulnerability and stopped using the vulnerable crypto library Infineon sells. As of Friday, 72 hours after a coordinated disclosure, Infineon has yet to say a word publicly about the vulnerability.
September 6, 2024 at 11:03 PM
Reposted by Raf G
Infineon hasn't even obtained a CVE for this vulnerability. The company says the initial email I sent seeking comment got caught in a spam filter. The PR person seemed completely unaware of my Ars Technica post (arstechnica.com/security/202...) when we finally connected on Friday.
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Sophisticated attack breaks security assurances of the most popular FIDO key.
arstechnica.com
September 6, 2024 at 11:09 PM