- Please describe the issue, what was the cause?
Infineon Technologies, one of Yubico’s secure element vendors, has informed us of a security issue in their cryptographic firmware library. The issue weakens the strength of on-chip RSA key generation, and affects the PIV smart card and OpenPGP functionality of the YubiKey 4 platform.
- How was this issue found?
The RSA key generation issue was discovered by an independent team of researchers from the University of Masaryk in the Czech Republic.
- What is the impact of this issue?
The researchers found a method to identify mathematical weaknesses of particular algorithms for prime number generation. The method allows an attacker who only has the public portion of an RSA key pair generated on the secure element to compute the private key significantly faster than the current state-of-the-art attack.
- Where in the YubiKey is this issue?
a) The root cause of the issue lies within the Infineon core cryptographic libraries for this device, and not in the secure element itself - the hardware symmetric and asymmetric co-processors are not affected. Specifically, the issue is within the YubiKey 4's use of a cryptographic software library provided by Infineon for on-device RSA key generation.
b) Infineon confirms that the RSA key generation implemented in one of their cryptographic libraries is affected. Customers using RSA in OpenPGP or PIV key generation within the CCID module are affected, but this issue does not affect RSA keys that have been imported into YubiKey 4 devices. Additionally, all other RSA cryptographic services, as well as ECC based cryptography and symmetric cryptography, are not affected.
- Which YubiKey devices are affected?
This vulnerability affects only the PIV smart card, OpenPGP card and onboard RSA key generation functionality on certain YubiKey 4 keys. YubiKey users can learn if they are affected by following the simple steps outlined on the customer portal provided by Yubico, https://www.yubico.com/keycheck. YubiKey NEO and FIDO U2F Security Key are not affected.
- Which protocols are affected?
The issue weakens the strength of on-chip RSA key generation, and affects the PIV smart card and PGP functionality of the YubiKey 4 platform. FIDO U2F, OTP, and OATH functions of the YubiKey 4 platform are not affected. RSA private key operations, such as signature generation, are not affected.
- How long has Yubico known of the issue in the YubiKey 4 platform and why was it not disclosed earlier?
Infineon Technologies informed Yubico, on May 12, 2017, under strict Coordinated Vulnerability Disclosure restrictions, of an issue discovered in an Infineon cryptographic library. A team of independent researchers from the University of Masaryk in the Czech Republic discovered the issue. Yubico takes this shared responsibility seriously since it is imperative that we work closely with researchers, services, and other affected vendors to remedy the issue as quickly as possible and protect our customers. On June 6, 2017, Yubico remedied this issue in all shipping YubiKey 4 devices. On Oct 16, 2017, the security researchers from the University of Masaryk published their research on this issue and the Coordinated Vulnerability Disclosure embargo was lifted. Yubico issued a Security Advisory to customers, offering mitigation recommendations and a key replacement program for affected customers.
- To your knowledge, are other hardware technologies, outside of Yubico’s, affected by this flaw?
Infineon has worked with other affected vendors to address this issue under the Coordinated Vulnerability Disclosure process.
- To your knowledge, is this exploit in the wild?
No, we are not aware of any security breaches due to this issue.
- How many YubiKey users does this affect?
Only YubiKey 4 customers who purchased keys manufactured prior to June 6, 2017, who use PIV and/or OpenPGP capabilities AND use the on-board RSA key generation feature, are affected. We estimate this is a small fraction of YubiKey users (approx. 2%).
- Are the YubiKeys sold on Amazon affected?
YubiKeys sold from Amazon after June 14, 2017 are version 4.3.5 or higher and are not affected. To verify the version of your key please visit https://www.yubico.com/keycheck.
- Is there a replacement policy?
Yes, affected customers may use the YubiKey 4 replacement program.
- How can I get a replacement key?
By going to our dedicated customer portal and submitting a request.
- Does this issue affect users of FIDO U2F?
No. FIDO U2F uses Elliptic Curve Cryptography, specifically the secp256r1 curve. Therefore, users of FIDO U2F are not affected.
- Do people who are using YubiKeys for U2F need to replace their YubiKeys?
No. This issue does not affect U2F functionality.
- Who has been notified of this issue? Customers/partners?
We have published information on this issue in a Yubico security advisory, and in a blog post posted on www.yubico.com and also on a dedicated customer portal provided by Yubico at https://www.yubico.com/keycheck.
- Are you already shipping YubiKeys which have this issue fixed?
Yes, all YubiKeys shipped by Yubico after June 6, 2017, version 4.3.5 or higher, have this issue resolved.
- Why are only a small fraction of YubiKey 4 customers affected?
The majority of Yubico customers use OTP and U2F, features that are not affected by this issue. Users of PIV and OpenPGP who make use of imported keys are not affected. Most larger smart card deployments use the YubiKey NEO platform, rather than the YubiKey 4 platform, and the YubiKey NEO platform is unaffected.
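For administrators of larger deployments, the conditions given in the answers above (YubiKey 4 platform, firmware below 4.3.5, PIV or OpenPGP, RSA key generated on the device rather than imported) can be combined into one inventory check. The following Python is an added example, not Yubico code; the CSV column names, the sample rows and the status names are assumptions constructed for illustration, and https://www.yubico.com/keycheck remains the authoritative check.

```python
import csv
import io

FIXED_VERSION = (4, 3, 5)           # FAQ: version 4.3.5 or higher is not affected
AFFECTED_APPS = {"piv", "openpgp"}  # FAQ: FIDO U2F, OTP and OATH are not affected

# Constructed sample inventory; the column names are assumptions of this example.
SAMPLE_INVENTORY = """\
serial,model,firmware,application,algorithm,key_origin
1000001,YubiKey 4,4.3.4,PIV,RSA2048,generated
1000002,YubiKey 4,4.3.5,PIV,RSA2048,generated
1000003,YubiKey 4,4.3.1,OpenPGP,RSA4096,imported
1000004,YubiKey 4,4.3.1,PIV,ECCP256,generated
1000005,YubiKey NEO,3.4.9,OpenPGP,RSA2048,generated
1000006,YubiKey 4,4.3.3,U2F,ECCP256,generated
1000007,YubiKey 4,,OpenPGP,RSA2048,generated
"""

def parse_version(text):
    """Return (major, minor, patch), or None if the field is empty or malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(row):
    """Classify one key slot as 'ok', 'affected' or 'verify' (needs a manual check)."""
    field = {k: (v or "").strip().lower() for k, v in row.items()}
    if not field["model"].startswith("yubikey 4"):
        return "ok"        # YubiKey NEO and FIDO U2F Security Key are not affected
    if field["application"] not in AFFECTED_APPS:
        return "ok"
    if not field["algorithm"].startswith("rsa"):
        return "ok"        # ECC and symmetric cryptography are not affected
    if field["key_origin"] == "imported":
        return "ok"        # imported RSA keys are not affected
    version = parse_version(field["firmware"])
    if version is not None and version >= FIXED_VERSION:
        return "ok"
    if version is None or field["key_origin"] != "generated":
        return "verify"    # incomplete record: confirm via the keycheck portal
    return "affected"      # on-chip RSA key from a pre-4.3.5 YubiKey 4

def triage_inventory(csv_text):
    return {r["serial"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for serial, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(serial, status)
```

Because the FAQ says only certain YubiKey 4 keys are affected, an "affected" result here is a conservative flag for follow-up through the keycheck portal and the replacement program, not a final determination.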
Yubico customers can request assistance from Yubico Support by filing a support ticket.
Yubico partners should contact Yubico Sales directly if they have questions related to this Security Advisory.
Any media or press enquiries should be directed to email@example.com.