Check your YubiKeys right now.
If they have the letters "FIPS" on them, they either need to be updated or replaced because of a recently discovered YubiKey security vulnerability.
Parent company Yubico say internal teams discovered the vulnerability within the last couple of months, and they've now pushed out a patch in YubiKey FIPS Series firmware version 4.4.5.
YubiKey security risk scenarios
Yubico says it has not seen these exploits in the wild, however, it lists the following types of scenarios as a reason to take the security advisory seriously.
1. I am using my YubiKey FIPS Series device as a smart card (PIV), am I affected?
Yes, if you sign code, software applications, electronic documents, or other artifacts using an ECDSA signature then you are likely impacted. If you are using an RSA signature, the resulting RSA key strength is not significantly reduced for known cryptographic attacks to be significantly easier to accomplish.
You may also be at risk from attempts to overwrite your stored PIV signatures on the YubiKey, however, this attack requires specially crafted software to first be installed on your system.
2. I store my PGP keys on my YubiKey FIPS Series device, am I affected?
The reduction in key strength for PGP keys generated on the YubiKey may be up to 10 bytes for affected RSA keys. This does not significantly affect RSA’s cryptographic protections. PGP keys generated outside a YubiKey FIPS Series device and imported onto the device are not affected.
3. I am using FIDO U2F on a YubiKey FIPS Series device to authenticate to a website, am I affected?
For scenarios involving FIDO U2F, an attacker who successfully exploited this issue could impersonate a user to a specific Relying Party (website) without having the user’s YubiKey if they also had possession of a user’s username and password for that Relying Party.
4. I am using my YubiKey FIPS Series device to add OATH one-time passwords to my logins, am I affected?
For scenarios involving the use of OATH, an attacker can under certain conditions capture the authentication sequence and replay authentication to the YubiKey FIPS device to gain OATH OTP codes. See above OATH issue description for additional details.
Yubico says a random value is used as a basis for keys used by RSA and ECDSA algorithms leveraged in some YubiKey FIPS Series applications, however, the buffer holding the value contains some predictable content making the value less random than intended.
Here are more details in the YubiKey Security Advisory.
Bruce Schneier on class breaks
This YubiKey advisory—along with those in the last week by Google, Adobe, Exim, and Microsoft (among others)—sure remind us of an interview we did with Bruce Schneier at SecureWorld Boston.
He says patching is about to reveal itself as a failed paradigm.
Right now, we're used to "class breaks" in tech, where a class of devices or entire versions of software are found to be insecure or "broken." Patches, sometimes hundreds announced in a single week, are deployed and the breaks are fixed.
This works in tech, Schneier says. But in many industries and devices, it simply cannot work. Watch the brief interview clip below for Schneier's explanation: