Crypto Vulnerability Allows Cloning of YubiKey Security Keys
04-September-24
The “Eucleak” vulnerability, discovered by NinjaLab, allows attackers to clone YubiKey security keys through a side-channel attack on an Infineon cryptographic library. By accessing the device physically and measuring electromagnetic signals during cryptographic operations, attackers can infer private keys and clone the device for targeted account access. Yubico has issued a security advisory and is transitioning to a different cryptographic library to address this issue. Devices running newer firmware versions are not affected.
