Surveillance Report

Are You Vulnerable To This New Yubikey Attack?

Sep 9, 2024
A critical vulnerability in Yubikey devices raises alarms over key cloning, highlighting the need for personalized security practices. The discussion also reveals alarming data breaches affecting mental health and automotive sectors. Recent privacy challenges are scrutinized, particularly Clearview AI's legal troubles. Additionally, advances in open-source tools like VPNs and password managers are explored, alongside concerns over the rise of personalized sextortion scams and new Bluetooth tracking capabilities.
INSIGHT

Yubikey Cloning Vulnerability Details

  • The Yubikey 5 series has a cryptographic flaw allowing cloning with physical possession and specialized tools.
  • This cloning attack is high effort, costing about $11,000 and taking over 24 hours, so it is mainly a risk for highly targeted users.
INSIGHT

Additional Yubikey Security Layers

  • Yubikeys offer optional user authentication such as a PIN or biometrics, which an attacker must also have to clone the key.
  • SoloKey and NitroKey are not affected because they use different chips from the vulnerable ones in Yubikeys.
ANECDOTE

Henry’s Perspective on Cloning Risk

  • Henry personally uses a Yubikey for phishing protection and is not very concerned by the cloning flaw.
  • He considers the vulnerability mainly a risk for highly targeted individuals under advanced threat scenarios.