New Cyber Attack Can Steal Data From Hardware Security Keys



Hot news by the Passwarden team! Two French security researchers, Victor Lomne and Thomas Roche, have discovered a dangerous vulnerability affecting hardware security keys. It allows an attacker to recover the primary encryption key that the hardware security key uses to generate the cryptographic tokens required in two-factor authentication.

Why exactly is it dangerous? According to the researchers, once a hacker obtains the encryption key, they will be able to clone the hardware security key to bypass 2FA procedures. The threat actor will no longer need your hardware security key - they will create one of their own to access your data!

What’s Required for the Attack?

This new threat sure seems disastrous for the owners of the affected security keys. Luckily, there are some restrictions to it that can limit the effectiveness and severity of the attack (tracked as CVE-2021-3011). 

Physical access

The most significant restriction is that the attack requires physical access to the device. It is understood that the attack won’t work over the internet, local network, or remotely. To exploit your hardware security key, a hacker would have to come into possession of it in the first place.

The casing has to be opened, leaving marks

Another complication for a potential attacker is the casing of the hardware security key. It is designed to be nigh impossible to open without softening part of it with a hot air gun or a similar tool, and that procedure leaves the casing permanently and noticeably deformed.

[Photo: an opened security-key casing, by NinjaLab]

So, just check the casing before using the security key and you’ll be home and dry, right? Unfortunately, no. It turns out the casing is also easy to clone via 3D printing. The resulting replica of the security key is nearly indistinguishable from the original, so you may be using it for a long time without realizing it.

How the CVE-2021-3011 Attack Works

These limitations help us imagine the most probable attack vector. A hacker will likely attempt to temporarily steal a hardware security key, clone it, and then return it to the owner without them noticing. This is a credible threat to many of today’s high-profile executives and government workers.

This type of hacking is called a side-channel attack. In general, a side-channel attack does not break the cryptography itself: the attacker observes the physical behaviour of a device from the outside while it operates, records those measurements, and uses the collected data in follow-up breaches. In the case of CVE-2021-3011, the collected data is used to reconstruct the primary ECDSA private key that the hardware security key uses to sign the cryptographic tokens it generates.

Are You at Risk and How to Mitigate it?

So, who might come under this new attack? The researchers say the vulnerability impacts hardware security key models based on the NXP A7005a chip (Google Titan, Yubico Yubikey Neo, a few Feitian versions, etc.) and NXP JavaCard chips. So first and foremost, be sure to check what chip your security key uses.

According to Lomne and Roche, users should probably switch to other FIDO U2F hardware security keys that are free of this vulnerability. Also, the cloning process usually takes hours to perform, so you can notice that the key is missing if you’re paying attention. Finally, the attack requires custom software and expensive gear, which may push attackers towards cheaper methods that are easier for you to fend off.
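To make concrete why recovering the ECDSA private key lets a clone pass 2FA, and what a server can still do about it, here is an added example (not code from the article or from NinjaLab). It implements plain ECDSA over P-256 in pure Python, shows that a clone holding the same private scalar produces assertions the relying party cannot tell apart from the original key's, and goes beyond the article by adding the FIDO U2F signature counter check, which is the standard server-side way to notice that two devices share one key. The private scalar, the challenge values and the `RelyingParty` class are constructed for the demo.

```python
import hashlib, secrets

# NIST P-256 domain parameters (public constants).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296, 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p1, p2):
    """Affine point addition on P-256 (a = -3); None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add; not constant-time, demo only
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def sign(d, msg, k=None):
    """Plain ECDSA: whoever holds the private scalar d produces valid signatures."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    k = k or secrets.randbelow(N - 1) + 1  # fresh random nonce per signature
    r = ec_mul(k, G)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N

def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    w = pow(s, -1, N)
    x = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return x is not None and x[0] % N == r

def make_assertion(d, counter, challenge):
    """What an authenticator (or a clone holding the same d) returns for a login."""
    msg = counter.to_bytes(4, "big") + challenge  # counter is part of the signed data
    return counter, msg, sign(d, msg)

class RelyingParty:
    """Server side (constructed): signature must verify AND the counter must strictly increase."""
    def __init__(self, pub): self.pub, self.last_counter = pub, 0
    def check_assertion(self, counter, msg, sig):
        if not verify(self.pub, msg, sig) or counter <= self.last_counter: return False
        self.last_counter = counter
        return True
```

The counter only reveals a clone after the original and the copy drift apart, so it is a detection aid rather than a replacement for switching to an unaffected key.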

Manage and secure your passwords and sensitive information with Passwarden!

January 8, 2021