mood Posted January 8, 2021

New side-channel attack can recover encryption keys from Google Titan security keys

Attack requires physical access to the devices but Titan and other keys can be cloned if attacks are successful.

A duo of French security researchers has discovered a vulnerability impacting chips used inside Google Titan and YubiKey hardware security keys.

The vulnerability allows threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations.

Once obtained, the two security researchers say the encryption key, an ECDSA private key, would allow threat actors to clone Titan, YubiKey, and other keys to bypass 2FA procedures.

ATTACK REQUIRES PHYSICAL ACCESS

However, while the attack sounds disastrous for Google and Yubico security key owners, its severity is not what it seems.

In a 60-page PDF report, Victor Lomne and Thomas Roche, researchers with Montpellier-based NinjaLab, explain the intricacies of the attack, also tracked as CVE-2021-3011.

For starters, the attack won't work remotely against a device, over the internet, or over a local network. To exploit any Google Titan or Yubico security key, an attacker would first need to get their hands on a security key in the first place.

Temporarily stealing and then returning a security key isn't impossible and is not out of the threat model of many of today's government workers or high-profile executives, which means this attack can't be entirely ruled out or ignored.

TITAN CASING IS HARD TO OPEN, LEAVES MARKS

However, Lomne and Roche argue that there are other unexpected protections that come with Google Titan keys, in the form of the key's casing.

"The plastic casing is made of two parts which are strongly glued together, and it is not easy to separate them with a knife, cutter or scalpel," the researchers said.
"We used a hot air gun to soften the white plastic, and to be able to easily separate the two casing parts with a scalpel. The procedure is easy to perform and, done carefully, allows to keep the Printed Circuit Board (PCB) safe," the two added.

However, Lomne and Roche also point out that "one part of the casing, soften[ed] due to the application of hot air," usually permanently deforms, leaving attackers in the position of being unable to put the security key back together once they've obtained the encryption key, unless they come prepared with a 3D-printed casing model to replace the original.

Image: NinjaLab

A SIDE-CHANNEL ATTACK USING ELECTROMAGNETIC RADIATIONS

But once the casing has been opened and the attackers have access to the security key's chip, researchers say they can then perform a "side-channel attack."

The term, which is specific to the cyber-security world, describes an attack where threat actors observe a computer system from the outside, record its activity, and then use their observations on how the device activity fluctuates to infer details about what's going on inside.

In this case, for their side-channel attack, the NinjaLab researchers analyzed electromagnetic radiations coming off the chip while processing cryptographic operations.

Researchers said that by studying around 6,000 operations taking place on the NXP A7005a microcontroller, the chip used inside Google Titan security keys, they were able to reconstruct the primary ECDSA encryption key used in signing every cryptographic token ever generated on the device.

The good news for Titan and YubiKey owners is that this process usually takes hours to execute, requires expensive gear, and custom software.

Image: NinjaLab

Normally, this type of attack would be out of the reach of regular hackers, but security researchers warn that certain threat actors, such as three-letter intelligence agencies, usually have the capabilities to pull this off.
"Users that face such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been discovered," Lomne and Roche said.

WHAT'S VULNERABLE?

As for what's vulnerable, the researchers said they tested their attack on the NXP A7005a chip, which is currently used for the following security key models:

Google Titan Security Key (all versions)
Yubico Yubikey Neo
Feitian FIDO NFC USB-A / K9
Feitian MultiPass FIDO / K13
Feitian ePass FIDO USB-C / K21
Feitian FIDO NFC USB-C / K40

In addition, the attack also works on NXP JavaCard chips, usually employed for smartcards, such as J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF.

Contacted via email, Google echoed the research team's findings, namely that this attack is hard to pull off in normal circumstances.

In addition, Google also added that its security keys service is also capable of detecting clones using a server-side feature called FIDO U2F counters, which the NinjaLab team also recommended as a good countermeasure for their attack in their paper.

However, the research team also points out that even if counters are used, there is a short time span after the clone has been created when it still could be used.

Nonetheless, as a closing note, the French security researchers also urged users to continue using hardware-based FIDO U2F security keys, such as Titan and YubiKey, despite the findings of their report. Instead, users should take precautions to safeguard devices if they believe they might be targets of interest to advanced threat actors.
Source: New side-channel attack can recover encryption keys from Google Titan security keys
aum Posted January 8, 2021

Hardware security keys, such as those from Google and Yubico, are considered the most secure means to protect accounts from phishing and takeover attacks. But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it.

The vulnerability (tracked as CVE-2021-3011) allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor (U2F) device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections.

"The adversary can sign in to the victim's application account without the U2F device, and without the victim noticing," NinjaLab researchers Victor Lomne and Thomas Roche said in a 60-page analysis. "In other words the adversary created a clone of the U2F device for the victim's application account. This clone will give access to the application account as long as the legitimate user does not revoke its second factor authentication credentials."

The whole list of products impacted by the flaw includes all versions of Google Titan Security Key, Yubico Yubikey Neo, Feitian FIDO NFC USB-A / K9, Feitian MultiPass FIDO / K13, Feitian ePass FIDO USB-C / K21, and Feitian FIDO NFC USB-C / K40.

Besides the security keys, the attack can also be carried out on NXP JavaCard chips, including NXP J3D081_M59_DF, NXP J3A081, NXP J2E081_M64, NXP J3D145_M59, NXP J3D081_M59, NXP J3E145_M64, and NXP J3E081_M64_DF, and their respective variants.

The key-recovery attack, while doubtless severe, needs to meet a number of prerequisites in order to be successful.
An actor will have first to steal the target's login and password of an account secured by the physical key, then stealthily gain access to the Titan Security Key in question, not to mention acquire expensive equipment costing north of $12,000, and have enough expertise to build custom software to extract the key linked to the account.

"It is still safer to use your Google Titan Security Key or other impacted products as a FIDO U2F two-factor authentication token to sign in to applications rather than not using one," the researchers said.

To clone the U2F key, the researchers set about the task by tearing the device down using a hot air gun to remove the plastic casing and expose the two microcontrollers soldered in it: a secure enclave (NXP A700X chip) that's used to perform the cryptographic operations and a general-purpose chip that acts as a router between the USB/NFC interfaces and the authentication microcontroller.

Once this is achieved, the researchers say it's possible to glean the ECDSA encryption key via a side-channel attack by observing the electromagnetic radiations coming off the NXP chip during ECDSA signatures, the core cryptographic operation of the FIDO U2F protocol that's performed when a U2F key is registered for the first time to work with a new account.

A side-channel attack typically works based on information gained from the implementation of a computer system, rather than exploiting a weakness in the software. Often, such attacks leverage timing information, power consumption, electromagnetic leaks, and acoustic signals as a source of data leakage.

By acquiring 6,000 such side-channel traces of the U2F authentication request commands over a six-hour period, the researchers said they were able to recover the ECDSA private key linked to a FIDO U2F account created for the experiment using an unsupervised machine learning model.
Although the security of a hardware security key isn't diminished by the above attack due to the limitations involved, exploitation in the wild is not inconceivable.

"Nevertheless, this work shows that the Google Titan Security Key (or other impacted products) would not avoid [an] unnoticed security breach by attackers willing to put enough effort into it," the researchers concluded. "Users that face such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been discovered."

Source
mood Posted January 8, 2021

Should you worry about hackers cloning your 2FA hardware security keys?

TL;DR: Not really, but it might be a good idea to take a few simple precautions.

Hardware security keys, such as the Google Titan, have become a cornerstone of enterprise security, adding a much-needed layer of protection on top of the password. But researchers have now shown that it is possible to clone keys -- given the key, a few hours, and thousands of dollars.

Researchers from security firm NinjaLab have managed to make a clone of a Google Titan 2FA security key. The process makes use of a side-channel vulnerability in the NXP A700X chip.

I'll let you read up on this, but basically, the process requires having physical access to the key, takes hours, involves trashing the casing to get at the chip, thousands of dollars of equipment, custom software, and a lot of know-how. Oh, and the attacker also needs the target's account password.

The idea is that after the cloning process, the original key is put back into a new shell and given back to the rightful owner.

This will, as you might expect, be worrying for organizations that rely on 2FA keys. That said, the amount of information, along with free time an attacker needs to accomplish this is high. I mean, needing both the key and the password are themselves high hurdles. On top of that, getting at the key involves trashing the casing of the original. This means that the replacement needs to be convincing, and in my experience keys take on a distinctive battering after very little use.

So, what can you do to mitigate this attack?

Have strong passwords.
Treat your 2FA keys the same way you'd treat your car or house keys -- keep them with you at all times.
Make your keys distinctive -- I know someone who puts a spot of glittery nail polish on their key, leaves it to dry, and takes a photo of the unique glittery blob.
If you believe that your key has been compromised, inform your IT department (or, if that's you, remove the offending key from your accounts).
Google can detect cloned keys using its FIDO U2F counters feature.

I expect that this will result in better, more tamper-resistant keys in the future. I use 2FA keys, and I am surprised how little tamper-resistance Google's Titan Bluetooth key has -- the shell snaps off easily to expose the innards.

Source: Should you worry about hackers cloning your 2FA hardware security keys?
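The FIDO U2F counter check that both the first article and the post above name as the countermeasure, as an added example that is not from either article or from NinjaLab: a minimal relying-party-side check in Python that parses the raw U2F authentication response (one user-presence byte, a 4-byte big-endian counter, then the DER signature) and rejects any response whose signed counter fails to advance past the last accepted one, which is what a clone and the original device produce once both have been used. The key handle, counter values and placeholder signature bytes are constructed; ECDSA signature verification is assumed to have passed before this check and is not shown.

```python
import struct


class ClonedKeyError(Exception):
    """Raised when a signed counter does not advance: the signature of a clone in use."""


def parse_auth_response(resp: bytes):
    """Split a raw U2F authentication response into (flags, counter, der_signature)."""
    if len(resp) < 5:
        raise ValueError("response too short for flags + counter")
    flags, counter = struct.unpack(">BI", resp[:5])  # 1 byte flags, 4-byte big-endian counter
    if not flags & 0x01:
        raise ValueError("user presence bit not set")
    return flags, counter, resp[5:]


class RelyingParty:
    """Per-key-handle counter state, the server-side half of U2F clone detection."""

    def __init__(self):
        self.last_counter = {}  # key handle -> last accepted counter
        self.flagged = set()    # key handles that should be revoked and re-enrolled

    def check_counter(self, key_handle: bytes, resp: bytes) -> int:
        """Accept only a strictly increasing counter. Gaps are normal (the device counter
        is shared across relying parties); a repeat or decrease means two devices sign."""
        _, counter, _ = parse_auth_response(resp)
        last = self.last_counter.get(key_handle, -1)
        if counter <= last:
            self.flagged.add(key_handle)
            raise ClonedKeyError(f"counter {counter} did not advance past {last}")
        self.last_counter[key_handle] = counter
        return counter


def make_response(counter: int, sig: bytes = b"\x30\x06\x02\x01\x01\x02\x01\x01") -> bytes:
    """Constructed sample response: user present, given counter, placeholder DER bytes."""
    return struct.pack(">BI", 0x01, counter) + sig


def clone_scenario():
    """Walk the window the article describes: the clone is accepted until the genuine
    device signs again, at which point the counters collide and the handle is flagged."""
    rp = RelyingParty()
    kh = b"constructed-key-handle"
    rp.check_counter(kh, make_response(41))            # owner logs in before the theft
    clone_ok = rp.check_counter(kh, make_response(42)) == 42  # clone continues from 42
    try:
        rp.check_counter(kh, make_response(42))        # genuine device is also at 42
        detected = False
    except ClonedKeyError:
        detected = True
    return clone_ok, detected, kh in rp.flagged
```

Whichever of the two devices signs second is the one rejected, so the check only fires on the next use of the other device; that gap is the "short time span" the researchers refer to, and a flagged handle should be revoked rather than merely logged.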
Karlston Posted January 8, 2021

Similar topics merged.