this post was submitted on 09 Sep 2024
20 points (95.5% liked)

Linux and Tech News

2090 readers
46 users here now

This is where all the News about Linux and Linux adjacent things goes. We'll use some of the articles here for the show! You can watch or listen at:

You can also get involved at our forum here on Lemmy:

Or just get the most recent episode of the show here:

founded 2 years ago
MODERATORS
leo@lemmy.linuxuserspace.show
20
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (arstechnica.com)
submitted 11 months ago by leo@lemmy.linuxuserspace.show to c/news@lemmy.linuxuserspace.show
6 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] sonori@beehaw.org 3 points 11 months ago* (last edited 11 months ago) (1 children)

To be fair given some of the places and things YubiKeys protect, especially local government, finance, hospitals, and the like, this is one of the cases where a physical attack isn’t beyond the realm of possibility. I’m not cloning a Yubikey with specialized kit to break into a small business, but if it plus a password lets me log in as an accountant at an bank or investment firm on the target’s day off, well then it might be worth it for an attacker.

[–] stoy@lemmy.zip 4 points 11 months ago (1 children)

Yeah, I was thinking that when I wrote the comment, and aimed it at people working for a smaller company or using it in their personal life, I should have been clear on this.

[–] Telorand@reddthat.com 2 points 11 months ago

All they would have to do to mitigate the threat is buy new keys. The vulnerability doesn't exist in their keys since May.