Importantly, though, the U2F standard also means this sort of attack should only work for a short period. However, the window for this attack is short enough it could happen before you're aware the key has been taken and replaced. Security standards at many venues consider a loss of physical access to constitute an immediate loss of security anyway, and two-factor keys can be easily revoked, assuming you know you've lost possession of them.
The full list of affected devices noted by the researchers is just below: NXP and Yubico are both aware of the security researchers' claims, according to statements provided to Ars Technica, and neither disputes the details of the vulnerability. That includes the popular but discontinued Yubikey Neo. Other hardware keys from companies like Feitan and Yubico that use the same chip may also be vulnerable to this attack.
0 kommentar(er)
