YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/
Sophisticated attack breaks security assurances of the most popular FIDO key.
Edit: Yubico has issued a security advisory on the vulnerability https://www.yubico.com/support/security-advisories/ysa-2024-03/
“The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.”
That sounds like the attacker would need to basically already know how to unlock it...