[tor-project] Advisory regarding your Yubikey

Antoine Beaupré anarcat at torproject.org
Thu Sep 5 19:37:53 UTC 2024


As some of you have already noticed, a security issue regarding the
Yubikey 5 series has been released two days ago. Sadly, the Yubikeys
distributed at the 2023 Tor Meeting in Costa Rica are affected.

### The issue at hand

To work their magic, Yubikeys store a secret key inside them that is
never supposed to leave the device. Researchers at Ninjalab found out
that by physically probing one of the chips inside a Yubikey, it is
possible to acquire this secret key. Once an adversary has acquired such
a secret key, they can use this to perform two-factor authentication
and/or OpenPGP operations, as if they were the owner of the device.

In practice, abusing this vulnerability is quite costly. It requires:

- having physical access to your Yubikey
- knowing the password(s) to one of your accounts protected by two-factor
  authentication (and/or your PIN if you use passkey) to get to your
  two-factor secret key
- knowing your PIN to get to your OpenPGP secret key

Nevertheless, it's not unthinkable that adversaries with sufficient
resources may be targeting the Tor Project.

### Am I affected?

- Was the Yubikey you use given to you in Costa Rica? Then yes, you are
  affected.
- Are you using a Yubikey 5 that was purchased before May this year?
  Then yes, you are affected.
- Are you using a Yubikey 5 that was purchased after May this year?
  Then you should check the firmware version to see if you are
  affected. Keys with firmware prior to 5.7 are affected.

For instructions on how to find out which firmware your Key has, see the
[Where to find YubiKey Firmware][] guide from Yubico. Command-line users
can use the `ykman info` command to view the firmware version.

[Where to find YubiKey Firmware]: https://support.yubico.com/hc/en-us/articles/12420838928284-Where-to-find-YubiKey-Firmware
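As an added example (not part of the original advisory), the following POSIX shell script applies the "firmware prior to 5.7" rule to the output of `ykman info`. It assumes `ykman info` prints a `Firmware version:` line in the form shown in the constructed sample below; the sample output is made up for illustration, not captured from a real key.

```shell
#!/bin/sh
# Added example, not from the advisory: decide from a firmware version string
# whether a YubiKey 5 is in the affected range (firmware below 5.7).

# Return 0 (true) if the version is below 5.7, 1 if not, 2 if unparseable.
firmware_is_affected() {
    ver="$1"
    # cut -s suppresses lines without a '.' so "5" alone yields an empty field
    major=$(printf '%s' "$ver" | cut -s -d. -f1)
    minor=$(printf '%s' "$ver" | cut -s -d. -f2)
    case "$major" in ''|*[!0-9]*) echo "unparseable version: $ver" >&2; return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) echo "unparseable version: $ver" >&2; return 2 ;; esac
    if [ "$major" -lt 5 ]; then return 0; fi
    if [ "$major" -eq 5 ] && [ "$minor" -lt 7 ]; then return 0; fi
    return 1
}

# Read `ykman info` text on stdin, extract the firmware version and report.
# Exit status mirrors firmware_is_affected (0 = affected).
check_ykman_output() {
    # Assumed label format: "Firmware version: 5.4.3"
    ver=$(sed -n 's/^Firmware version:[[:space:]]*//p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "no 'Firmware version:' line found" >&2
        return 2
    fi
    # Capture the status without tripping `set -e` in callers
    firmware_is_affected "$ver" && rc=0 || rc=$?
    case $rc in
        0) echo "firmware $ver: AFFECTED (below 5.7)" ;;
        1) echo "firmware $ver: not affected (5.7 or newer)" ;;
        *) echo "firmware $ver: could not evaluate" >&2 ;;
    esac
    return $rc
}

# Constructed sample resembling `ykman info` output (not from a real key).
SAMPLE_OUTPUT='Device type: YubiKey 5 NFC
Serial number: 12345678
Firmware version: 5.4.3
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled.'

# Against a real key:  ykman info | check_ykman_output
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_OUTPUT" | check_ykman_output
fi
```

The version comparison is done on the major and minor fields only, since the advisory draws the line at 5.7; a version string that does not parse is reported as such rather than silently treated as safe.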

### What does this mean for me?

The impact for you depends on what you use your Yubikey for.

#### For two-factor authentication

If you use your Yubikey for two-factor authentication, this attack can
be used on top of a regular phishing attack to permanently break the
second factor and compromise your accounts, without you noticing.

#### For OpenPGP signing and decryption

If you use your Yubikey for OpenPGP signing, authentication or
decryption, you should check what type of key you have:

- If it's an RSA key, you are not affected by this vulnerability.
- If it's an elliptic curve key, and the attacker knows your PIN, this
  attack can be used to gain access to and make a copy of your secret
  key. An attacker could then forge signatures, authenticate to servers,
  or possibly decrypt other secrets.
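To tell an RSA key from an elliptic-curve key on the card, `gpg --card-status` reports the algorithms of the three OpenPGP key slots. The following POSIX shell script, an added example rather than part of the advisory, parses that output and classifies each slot by the rule above (RSA not affected, elliptic curve affected). It assumes the `Key attributes ...:` line format shown in the constructed sample; the sample lines are made up, not taken from a real card.

```shell
#!/bin/sh
# Added example, not from the advisory: classify the OpenPGP key algorithms
# on a YubiKey from `gpg --card-status` output.

# Map one algorithm token (e.g. rsa4096, ed25519, cv25519, nistp256) to a verdict.
classify_algo() {
    case "$1" in
        rsa[0-9]*) echo "rsa:not-affected" ;;
        ed25519|cv25519|ed448|x448|nistp*|brainpool*|secp*) echo "ecc:AFFECTED" ;;
        *) echo "unknown:check-manually" ;;
    esac
}

# Read `gpg --card-status` text on stdin; print one line per key slot.
# Returns 0 if any slot holds an elliptic-curve key, 1 if none does,
# 2 if the attributes line is missing.
report_card_status() {
    # Assumed label format: "Key attributes ...: rsa4096 rsa4096 rsa4096"
    attrs=$(sed -n 's/^Key attributes \.*:[[:space:]]*//p' | head -n 1)
    if [ -z "$attrs" ]; then
        echo "no 'Key attributes' line found" >&2
        return 2
    fi
    affected=1
    i=0
    # Slot order on the card is signature, encryption, authentication
    for algo in $attrs; do
        i=$((i + 1))
        case $i in
            1) slot=signature ;;
            2) slot=encryption ;;
            3) slot=authentication ;;
            *) slot="slot$i" ;;
        esac
        verdict=$(classify_algo "$algo")
        echo "$slot: $algo -> ${verdict#*:}"
        case "$verdict" in ecc:*) affected=0 ;; esac
    done
    return $affected
}

# Constructed samples of the relevant lines (not captured from a real card).
SAMPLE_ECC='Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Key attributes ...: ed25519 cv25519 ed25519
PIN retry counter : 3 0 3'

SAMPLE_RSA='Key attributes ...: rsa4096 rsa4096 rsa4096'

# Against a real key:  gpg --card-status | report_card_status
if [ "${1:-}" = "--demo" ]; then
    if printf '%s\n' "$SAMPLE_ECC" | report_card_status; then
        echo "=> elliptic-curve key present: ensure a strong PIN, consider re-keying"
    fi
fi
```

Unknown algorithm names are flagged for manual review rather than assumed safe, and the exit status makes the check usable from a larger script.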

### What should I do?

First of all, in the wise words of Douglas Adams: don't panic.

We advise you to take care of the following:

- Keep using your Yubikey for two-factor authentication; it is still
  much safer than TOTP (e.g., Google Authenticator) or not having any
  two-factor authentication.

- Do make sure you don't leave your Yubikey unattended, especially
  during conferences, in hotel rooms, etc.

- Avoid using passkey (passwordless authentication).

- Apply multi-coloured glitter nail polish on the casing of your Yubikey
  (yes, really) and store a photo of it. If you have reason to believe
  the device has been tampered with, check if the glitter is still the
  same.

- If you use your Yubikey for OpenPGP and have an elliptic curve key,
  please ensure you have a strong PIN. You may consider switching to an
  RSA key or switching to a newer Yubikey using firmware 5.7 or higher,
  depending on the impact a compromise of your key may have.

### References

 - Yubico advisory YSA-2024-03: https://www.yubico.com/support/security-advisories/ysa-2024-03/
 - Technical paper: https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf

### Further questions

If you have any questions about the safety of your Yubikey, please feel
free to contact TPA, see:

https://gitlab.torproject.org/tpo/tpa/team/-/wikis/support

-- 
Antoine Beaupré
torproject.org system administration