Security keys from Google and Yubico could face attack from hackers.
Physical security keys from Google could be targeted by hackers looking to break into user devices and steal personal data, new research has found. Security experts have discovered a vulnerability impacting the hardware included in Google Titan and YubiKey hardware security keys that have become popular with users looking for that extra level of protection. The flaw looks to expose the encryption keys used to protect a device, leaving it unsecured and open to attack from outside sources. The findings come from Victor Lomne and Thomas Roche, researchers with Montpellier-based NinjaLab, who examined all versions of Google’s Titan Security Key, the Yubico Yubikey Neo, and several Feitian FIDO devices (Feitian FIDO NFC USB-A / K9, Feitian MultiPass FIDO / K13, Feitian ePass FIDO USB-C / K21, and Feitian FIDO NFC USB-C / K40) The duo discovered a flaw that could allow hackers to recover the primary encryption key used by the key device to generate cryptographic tokens used in two-factor authentication (2FA) operations.
