87
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
(arstechnica.com)
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
For the price they charge, they should be made so that opening the case will destroy the contents. They could have at least potted them.
Potted?
Encasing the circuit board in epoxy. It makes it very difficult to access components without destroying it. It's also great for water proofing and increasing the mechanical robustness.
Thanks! That makes a lot of sense.
No negatives listed on the Wiki page. Are there any? Does potting increase the likely hood of overheating?
There is potting compound with high thermal conductivity for things that produce a lot of heat. A YubiKey hardly uses any power, so heat should not be an issue.
The main downsides of potting are that it makes repair practically impossible and it can add a lot of weight if there is a large volume to be filled.
that makes sense. Thank you.
Potting Grrrr. My fancy track lighting has been potted. It sucks because absolutely no place (even China) sells the 48v LED driver with the odd body shape to bypass the internal mounting screws, and the potting means I can't access the board to desolder a resostor or something
Physical anti-tamper, while important for this type of device, wouldn't have helped for this particular attack. It's an electromagnetic side channel, so they don't even have to be touching the the thing to collect data.