Yubico has disclosed a security vulnerability affecting certain YubiKey and YubiHSM devices, which rely on Infineon's cryptographic library. This flaw allows sophisticated attackers with physical access to potentially recover private keys used in cryptographic operations.
While the vulnerability is significant, it affects only older firmware versions, and Yubico has since removed the flawed library from its devices. However, the flaw itself is deemed unfixable, meaning affected devices will remain vulnerable unless replaced.
The vulnerability was first reported by Dr. Thomas Roche from NinjaLab on April 19, 2024, and impacts YubiKey 5 Series and YubiHSM 2 devices running firmware prior to versions 5.7.0 and 2.4.0, respectively.
Devices such as YubiKey FIPS, YubiKey Bio, and Security Key Series also fall under this category if they run the earlier firmware. The flaw lies in the implementation of ECDSA (Elliptic Curve Digital Signature Algorithm), which could be exploited to recover private keys, allowing an attacker to forge cryptographic signatures.
Exploit details
For an attacker to successfully exploit this vulnerability, they would need physical possession of a vulnerable YubiKey, Security Key, or YubiHSM device. This requirement reduces the likelihood of a widespread attack, but the risk for users remains significant.
If successfully exploited, attackers could recover sensitive cryptographic keys, such as those used in FIDO-based authentication, which could be used to impersonate users or steal credentials. In addition, the retrieved private keys could be transferred onto another physical key, enabling a stealthy takeover of user credentials without raising suspicion.
Scope of impact
The vulnerability primarily affects devices using the FIDO standard, which relies on ECDSA for authentication. FIDO-based authentication plays a significant role in passwordless security and is often used in sensitive corporate environments.
Depending on the configuration, other cryptographic functions such as PIV (Personal Identity Verification) and OpenPGP applications could also be impacted. These tools are widely used in corporate security infrastructures, making this vulnerability a concern for organizations that rely on Yubico hardware for cryptographic operations.
List of affected products:
- YubiKey 5 Series (firmware prior to 5.7.0)
- YubiKey FIPS and CSPN Series (prior to 5.7)
- YubiKey Bio Series (prior to 5.7.2)
- Security Key Series (all versions prior to 5.7.0)
- YubiHSM 2 and YubiHSM 2 FIPS (versions prior to 2.4.0)
While Yubico has moved away from Infineon's cryptographic library in favor of its own solution for newer devices, older keys remain vulnerable, and this flaw cannot be patched through firmware updates. This makes the vulnerability “unfixable” for affected versions, requiring users to replace the hardware to fully mitigate the risk.
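As an added example, not part of the advisory or of Yubico's own tooling: a small Python check that reads `ykman info` style output and compares the reported firmware against the fixed versions listed above. The field names `Device type:` and `Firmware version:` and the sample output are assumptions constructed for the example.

```python
import re

# Minimum fixed firmware per product family, taken from the affected-products list above.
# Order matters: "YubiKey Bio" must match before the generic "YubiKey" entry.
FIXED_FIRMWARE = [
    ("YubiKey Bio", (5, 7, 2)),
    ("Security Key", (5, 7, 0)),
    ("YubiKey", (5, 7, 0)),      # YubiKey 5, FIPS and CSPN series
    ("YubiHSM", (2, 4, 0)),      # yubihsm-shell reports this; ykman does not manage HSMs
]

# Constructed sample of `ykman info` output (field names are an assumption).
SAMPLE_OUTPUT = """\
Device type: YubiKey 5 NFC
Serial number: 12345678
Firmware version: 5.4.3
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
"""

def parse_version(text: str) -> tuple:
    """Turn '5.7' or '5.4.3' into a 3-tuple, padding with zeros so '5.7' == '5.7.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])

def parse_ykman_info(output: str) -> dict:
    """Extract the 'Device type' and 'Firmware version' fields from tool output."""
    info = {}
    for line in output.splitlines():
        m = re.match(r"\s*(Device type|Firmware version):\s*(.+?)\s*$", line)
        if m:
            info[m.group(1)] = m.group(2)
    return info

def is_affected_version(device_type: str, firmware: str):
    """True if firmware is below the fixed version for its family, False if fixed,
    None if the device family is not one listed in the advisory."""
    for needle, fixed in FIXED_FIRMWARE:
        if needle.lower() in device_type.lower():
            return parse_version(firmware) < fixed
    return None

def is_affected(output: str):
    """Run the version check over raw `ykman info` style output."""
    info = parse_ykman_info(output)
    if "Device type" not in info or "Firmware version" not in info:
        return None
    return is_affected_version(info["Device type"], info["Firmware version"])

if __name__ == "__main__":
    print("affected" if is_affected(SAMPLE_OUTPUT) else "not affected")
```

Pipe real output in with `ykman info | python3 check.py` after replacing `SAMPLE_OUTPUT` with `sys.stdin.read()`.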
Mitigation advice
Yubico advises users to immediately upgrade to the latest versions of their devices, particularly those using FIDO, PIV, or OpenPGP functionalities. Specific measures for mitigating risks include:
- For PIV and OpenPGP applications, switching from elliptic curve keys (which use ECDSA) to RSA keys can help avoid the vulnerability.
- Organizations using FIDO keys should consider shortening session lengths and increasing the frequency of authentication to detect unauthorized access attempts more quickly.
- For organizations relying on FIDO attestation, Yubico recommends supplementing FIDO login with additional credentials, such as YubiOTP or RSA attestation statements.
While this vulnerability requires physical access and specialized knowledge to exploit, the potential impact of key recovery is significant. Attackers could forge signatures, impersonate users, or bypass critical security systems in a stealthy manner. For users of affected YubiKey and YubiHSM devices, upgrading to newer versions or transitioning to more secure cryptographic configurations is essential to safeguard their systems.