
EUCLEAK attack

Posted Sep 4, 2024 16:25 UTC (Wed) by hmh (subscriber, #3838)
In reply to: FIDO2 HW token on office.com by Wol
Parent article: Firefox 130.0 released

The cute name for this one is "EUCLEAK" (and it *does* deserve to be named, even if just for the sheer educational value of the disclosure paper. And let's not joke about the impact this has, either, although hopefully it won't make it to specialized local criminal gang expertise level anytime soon).

The attack is *not* "easy" in the normal way you'd use that word, and the security researchers make it quite clear that you are much better off keeping your vulnerable device in use than trying to do without any security token at all. But you should still replace it with a fixed one in due time. And ensure any new ones you get are not vulnerable [to that attack], of course.

Do read, or at least skim, their paper if you have the time. It is worth it.

BTW, it is not just Yubikeys and other hardware tokens like it: the attack works on many crypto-currency hardware wallets, and also e-passports from several countries, for example. For at least the wallets, well, you really should find a non-vulnerable one sooner than later if the amount of crypto-currency involved is non-trivial IMO.

Better links:
https://ninjalab.io/eucleak/
https://news.ycombinator.com/item?id=41434500

EUCLEAK attack

Posted Sep 4, 2024 21:56 UTC (Wed) by geuder (subscriber, #62854) [Link] (3 responses)

> Do read, or at least skim, their paper if you have the time. It is worth it.

I agree. Really understanding the 80+ pages is probably impossible for 99.9% of the readers including myself. But I found it rather accessible to read anyway.

They also say clearly in the beginning: It's safer to use an affected Yubikey than not to use it because of their discovery.

Unless you are Julian Assange, Edward Snowden, or someone with a similarly powerful adversary, there is nothing to be worried about even after this attack.

EUCLEAK attack

Posted Sep 5, 2024 10:01 UTC (Thu) by farnz (subscriber, #17727) [Link] (2 responses)

Specifically, for the EUCLEAK attack to be of concern to you, the attacker needs to be able to do the following without getting caught:

  1. Take your Yubikey away from you.
  2. Enroll your Yubikey against a site they control.
  3. Disassemble your Yubikey completely, destroying the packaging in the process.
  4. Spend approximately 5 minutes repeatedly authenticating against their site as fast as possible to gather data.
  5. Put new packaging on your Yubikey such that you're not going to notice in the time frame they need the clone to work for, noting that it will take at least 30 minutes to analyze their data and be able to create a clone.
  6. Return your Yubikey to you.

Steps 1, 3 and 5 are all hard to do without leaving traces, unless you've got powerful backers, and for most of us, the work involved in doing those steps is not worth the gain (access to accounts protected by Yubikey + password).

EUCLEAK attack

Posted Sep 5, 2024 11:49 UTC (Thu) by excors (subscriber, #95769) [Link] (1 responses)

Also, as I understand it, the attack is only relevant in a scenario where the attacker can't simply use your Yubikey directly (perhaps in combination with a password that they phished or keylogged from you earlier) and then either keep it or give it back to you. They only need to clone it if they want long-term persistent access to your account, without you noticing and revoking the device. If you're just using a Yubikey to protect your password manager or bank account etc, they could already steal your passwords/money/etc without this cloning attack, so it's no worse than before. (But in other scenarios it may still be a real problem.)

EUCLEAK attack

Posted Sep 5, 2024 13:14 UTC (Thu) by farnz (subscriber, #17727) [Link]

Indeed - and one of the consequences of that is that the attack is only relevant where the attacker has the capability to do a complex process taking about an hour and with risk of getting caught in order to clone your Yubikey, but does not have the capability to take your Yubikey and keep you from noticing that they've done so (e.g. because they've got you in a jail cell) until they've finished extracting everything of value from your accounts.

Doesn't stop it being a cool piece of research, and something we should aim to defend ourselves against in the long run; does mean that it's of limited practical relevance.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds