EUCLEAK and Side Channels
And it’s not just YubiKeys
Proper cryptography is hard and not for novices!
A crack has been discovered for the YubiKey 5 series — EUCLEAK — and which focuses in on weaknesses within the Infineon Technologies library [here]:
It uses a side channel attack and where radio emissions are captured, and which then reveals the ECDSA private key used on the device. This allows an adversary to potentially clone the device. And, so, while YubiKey 5 series devices are vulnerable, there are many other devices which use the Infineon cryptographic library. This includes crypto-currency wallets, electronic passports and TPMs. The scope of the vulnerability could thus be extensive, and could affect any embedded device which uses the Infineon cryptographic library.
The setup involves using an antenna about the Infineon chip and then a high frequency digital oscilliscope to recover the emitted radio signals: