Yubikey olvasnivaló :-(

Hozzászólások

Azert ez nem egy egyszeru bedugom lemasolom tortenet:

 

  1. The adversary steals the login and password of a victim’s application account protected with FIDO (e.g., via a phishing attack).
  2. The adversary gets physical access to the victim’s device during a limited time frame without the victim noticing.
  3. Thanks to the stolen victim’s login and password (for a given application account), the adversary sends the authentication request to the device as many times as is necessary while performing side-channel measurements.
  4. The adversary quietly gives back the FIDO device to the victim.
  5. The adversary performs a side-channel attack over the measurements and succeeds in extracting the ECDSA private key linked to the victim’s application account.
  6. The adversary can sign in to the victim’s application account without the FIDO device and without the victim noticing. In other words, the adversary created a clone of the FIDO device for the victim’s application account. This clone will give access to the application account as long as the legitimate user does not revoke its authentication credentials.

The list, however, omits a key step, which is tearing down the YubiKey and exposing the logic board housed inside. This likely would be done by using a hot air gun and a scalpel to remove the plastic key casing and expose the part of the logic board that acts as a secure element storing the cryptographic secrets. From there, the attacker would connect the chip to hardware and software that take measurements as the key is being used to authenticate an existing account. Once the measurement-taking is finished, the attacker would seal the chip in a new casing and return it to the victim.