While too many people still don’t know anything about hardware security keys, such as those from Google and Yubico, companies are promoting them as the most secure hardware ever. Although these tools are highly resistant to phishing and account-takeover attacks, a new attack could let hackers clone hardware security keys.
An electromagnetic side-channel in the chip embedded in Google Titan 2FA Security Keys is the most important weakness of Google Titan. In other words, attackers can clone the whole device by exploiting an electromagnetic side-channel. After demonstrating the vulnerability, the researchers named it “CVE-2021-3011”.
How does cloning Hardware security keys happen?
Exploiting the electromagnetic side-channel lets the attackers extract the encryption key. Specifically, the attack targets the ECDSA private key that is linked to the victim’s account. Extracting the ECDSA private key linked to a victim’s account from a FIDO Universal 2nd Factor (U2F) device like the Google Titan Key puts the security of these tools under serious question.
As Victor Lomne and Thomas Roche have stated:
“The adversary can sign in to the victim’s application account without the U2F device, and without the victim noticing. In other words, the adversary created a clone of the U2F device for the victim’s application account. This clone will give access to the application account as long as the legitimate user does not revoke its second-factor authentication credentials.
Nevertheless, this work shows that the Google Titan Security Key (or other impacted products) would not avoid [an] unnoticed security breach by attackers willing to put enough effort into it. Users that face such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been discovered.”
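The quote above describes a clone being used "without the victim noticing". One server-side signal that can surface two devices sharing one U2F credential is the signature counter carried in every raw U2F authentication response. The following is an added example, not code from the article or the researchers; `CounterStore`, `check_assertion` and the sample responses are hypothetical, and ECDSA signature verification is assumed to happen before this check.

```python
import struct
from dataclasses import dataclass, field


def parse_sign_response(raw: bytes):
    """Split a raw U2F authentication response into its fields.

    Layout: 1 byte user presence, 4 byte big-endian counter,
    then the DER-encoded ECDSA signature.
    """
    if len(raw) < 6:
        raise ValueError("response too short")
    presence, counter = struct.unpack(">BI", raw[:5])
    return bool(presence & 0x01), counter, raw[5:]


@dataclass
class CounterStore:
    """Tracks the last accepted counter per registered key handle (hypothetical)."""
    last_seen: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def check_assertion(self, key_handle: str, raw: bytes) -> bool:
        # Assumption: the signature in `raw` was already verified by the caller.
        present, counter, _signature = parse_sign_response(raw)
        if not present:
            return False
        previous = self.last_seen.get(key_handle)
        if previous is not None and counter <= previous:
            # A counter that does not increase means two devices share this key.
            self.alerts.append((key_handle, previous, counter))
            return False
        self.last_seen[key_handle] = counter
        return True


def constructed_response(counter: int) -> bytes:
    # Constructed sample: presence bit set, placeholder signature bytes.
    return struct.pack(">BI", 0x01, counter) + b"\x30\x00"


def demo():
    store = CounterStore()
    # Constructed sequence: the token signs at 41 and 42, a second device
    # holding the same key signs at 43, then the token signs at 43.
    counters = [41, 42, 43, 43]
    results = [store.check_assertion("kh-1", constructed_response(c)) for c in counters]
    return results, store.alerts
```

A counter mismatch only appears once both devices have been used against the same account, so it is a detection signal rather than prevention; revoking the credential, as the quote notes, is what ends the clone's access.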
What is ECDSA?
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a digital signature algorithm derived from elliptic curve cryptography (ECC). With this algorithm, security experts can provide maximum security in the form of a small key. The keys are efficient in cryptographic terms, and their small size makes them even more efficient. Despite all the benefits of the Elliptic Curve Digital Signature Algorithm, we cannot deny its role as the element from which “CVE-2021-3011” has been derived.
“CVE-2021-3011” has put the reputation of all kinds of hardware security keys in danger. Besides all versions of the Google Titan Security Key, it affects Feitian MultiPass FIDO / K13, Feitian FIDO NFC USB-A / K9, Feitian FIDO NFC USB-C / K40, and Yubico Yubikey Neo.
ECDSA is not the only external factor that has made hardware security keys unsafe. Hackers can also exploit NXP J3E081_M64_DF, NXP J3E145_M64, NXP J3D081_M59_DF, NXP J3A081, NXP J2E081_M64, and other types of NXP JavaCard chips.
How does the attack occur?
Cloning the key is probably possible if the attackers are professionals at what they are doing. The process of cloning the key is just like solving a puzzle: the attackers have to put every piece in exactly the right place to achieve their goal. Cloning these keys requires expensive tools that cost up to twelve thousand dollars to purchase.
Once the attackers have acquired the necessary tools and built custom software to extract the key linked to the account, the main information of the target account, such as its password, is stolen. As the main information is protected by the physical key, taking the first step would be the hardest part. It goes without saying that hacking these keys requires considerable expertise.
Cloning starts from the electromagnetic side-channel in the chip embedded in the hardware security key. To access the chip, attackers use a hot air gun to tear the device down. The microcontrollers are soldered inside the hardware security key, so attackers have to keep tearing the device down until the microcontrollers inside it are exposed.
As we mentioned, there are two types of microcontrollers inside each hardware security key. One is used to execute the cryptographic operations (the NXP A700X chip). The other is a general-purpose chip that acts as a router between the USB/NFC interfaces and the authentication microcontroller.
After exposing the microcontrollers, attackers are able to discover the ECDSA private key. But how would they do it? The key can be gleaned through a side-channel attack: attackers observe the electromagnetic radiation coming off the NXP chip during ECDSA signatures. In other words, they get access to the main cryptographic executor. The core of cryptography begins operating when the key is registered for the first time to work with a new account.
Side-channel attack and Hardware security keys
A side-channel attack typically occurs because of hardware weaknesses. Information obtained from the implementation of a computer system lets the attackers exploit the whole system. Side-channel attacks use electromagnetic leaks, acoustic signals, power consumption, and timing data as sources of data leakage.
As researchers have stated, recovering the cloned keys is possible. The essential question is whether this vulnerability can put the security of hardware security keys in question. Honestly, it cannot. The probability of such an attack occurring is low. However, the fact that attackers have found a way to exploit the most secure product of Google is scary.