Attackers Can Clone Google Titan 2FA Keys Via a Key-Recovery-Attack Using A Side Channel in NXP Chip

Hardware security keys, such as those sold by Yubico and Google, are considered the most secure way to protect an account against breaches, account takeover and phishing. Research published on Thursday shows how an attacker who has physical possession of a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side channel in the device’s embedded chip.

The vulnerability, tracked as CVE-2021-3011, can let a threat actor extract the secret key, the ECDSA private key linked to a victim’s account, from a U2F (Universal 2nd Factor) device such as a YubiKey or a Google Titan Key, defeating its two-factor authentication (2FA) protection. NinjaLab researchers Victor Lomne and Thomas Roche wrote in a 60-page paper that “The adversary can sign in to the victim’s application account without the U2F device, and without the victim noticing. In other words, the adversary created a clone of the U2F device for the victim’s application account. This clone will give access to the application account as long as the legitimate user does not revoke its second-factor authentication credentials”.

The full list of products affected by this weakness includes almost all versions of the Google Titan Security Key, the Yubico YubiKey NEO, MultiPass FIDO / K13, Feitian FIDO NFC USB-A/K9, Feitian FIDO NFC USB-C/K40, and Feitian ePass FIDO USB-C/K21. The security keys are not the only vulnerable devices: the attack also works against NXP JavaCard chips, namely the NXP J3E081_M64_DF, NXP J2E081_M64, NXP J3D081_M59_DF, NXP J3A081, NXP J3D145_M59, NXP J3D081_M59, and NXP J3E145_M64.

However, a long list of requirements has to be met before such a key-recovery attack can succeed.

A threat actor first has to steal the victim’s login credentials for an account protected by the hardware security key, then covertly gain physical access to the Titan Security Key in question, then have the expensive, purpose-built equipment (costing up to $12,000) that the extraction requires, and finally have the expertise to write custom software to extract the key linked to the targeted account. The researchers also note that “It is still safer to use your Google Titan Security Key or other impacted products as a FIDO U2F two-factor authentication token to sign in to applications rather than not using one”.

To clone the U2F key, the researchers began by partially destroying the device with a hot air gun, removing the plastic casing and exposing the two microcontrollers inside: a secure element (an NXP A700X chip) that performs the cryptographic operations, and a general-purpose chip that acts as a router between the USB/NFC interfaces and the authentication microcontroller. Once that is done, the researchers said, it is possible to recover the ECDSA private key through a side-channel attack by observing the electromagnetic emanations of the NXP chip while it computes ECDSA signatures, the core cryptographic operation of the FIDO U2F protocol, which is performed when a U2F key is registered for the first time with a new account.

A side-channel attack works from information leaked by the physical implementation of a computer system rather than from a flaw in its software: timing information, power consumption, electromagnetic leakage and acoustic signals can all serve as the source of leaked data. By capturing 6,000 such side-channel traces of U2F authentication request commands over a six-hour period, the researchers said they were able to recover the ECDSA private key linked to a FIDO U2F account created for the test, using an unsupervised machine-learning model.

Although the security of a hardware security key is not diminished by this attack, given the limitations involved, exploitation in the wild is not impossible. “Nevertheless, this work shows that the Google Titan Security Key (or other impacted products) would not avoid [an] unnoticed security breach by attackers willing to put enough effort into it,” the researchers concluded. “Users that face such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been discovered.”
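The clone described above stays usable only until the user revokes the credential, but the FIDO U2F protocol gives relying parties one detection hook: every authentication response carries a signature counter that a genuine key increments on each signature and that a clone cannot keep in sync. The Python below is an added example, not code from the article or from NinjaLab’s work, showing a relying-party counter check; the key handle, the response bytes and the placeholder signature are constructed values, and ECDSA signature verification is assumed to happen elsewhere.

```python
import struct

class CloneSuspected(Exception):
    """Raised when a signature counter fails to advance past the stored value."""

def parse_auth_response(raw: bytes):
    """Split a raw U2F authentication response into (user_presence, counter,
    signature): 1-byte presence flag, 4-byte big-endian counter, DER signature."""
    if len(raw) < 6:
        raise ValueError("authentication response too short")
    user_presence, counter = struct.unpack(">BI", raw[:5])
    return user_presence, counter, raw[5:]

def check_counter(stored: int, received: int) -> int:
    """A genuine key increments its counter on every signature, so the value must
    strictly exceed the last one recorded. A clone shares the extracted private
    key but not the live counter, so one device eventually presents a stale value."""
    if received <= stored:
        raise CloneSuspected(f"counter {received} did not advance past {stored}")
    return received

def process_authentication(counters: dict, key_handle: bytes, raw: bytes) -> int:
    """Check user presence and the counter for one login; return the stored value.
    Assumption: the caller verifies the ECDSA signature against the public key
    registered for key_handle; that step is not shown here."""
    user_presence, counter, _signature = parse_auth_response(raw)
    if not user_presence & 0x01:
        raise ValueError("user presence flag not set")
    counters[key_handle] = check_counter(counters.get(key_handle, 0), counter)
    return counters[key_handle]

def build_response(counter: int) -> bytes:
    """Constructed test helper: well-formed response with a placeholder signature."""
    return struct.pack(">BI", 0x01, counter) + b"\x30\x06\x02\x01\x01\x02\x01\x01"

def simulate_clone_scenario() -> str:
    """Constructed scenario: the genuine key signs at counters 41 and 42, then a
    clone whose counter was copied earlier presents 41 again."""
    counters: dict = {}
    handle = b"constructed-key-handle"
    process_authentication(counters, handle, build_response(41))
    process_authentication(counters, handle, build_response(42))
    try:
        process_authentication(counters, handle, build_response(41))
    except CloneSuspected:
        return "clone detected"
    return "clone missed"
```

Whichever device falls behind is the one flagged, so a counter anomaly on a credential should be treated as a signal to re-enrol the key rather than as proof of which device is the clone.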
