There is broad agreement among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today does not change that, but it shows how malicious attackers with physical possession of a Google Titan key can clone it.
There are some steep obstacles to remove in order for an attack to succeed. A hacker must first steal a target̵
“Still, this work shows that Google Titan Security Key (or other affected products) would not be avoided [an] unnoticed security breaches by attackers who are willing to put enough effort into it, “wrote researchers from security company NinjaLab in a research article published on Thursday. “Users facing such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been detected.”
2FA gold standard
Two-factor authentication, or 2FA, is a method that makes account takeovers much harder to extract. Instead of just using a password to prove that someone is authorized to access an account, 2FA requires another factor, such as a one-time password, possession of a physical object or fingerprint, or other biometrics.
Physical keys are among – if not the—Secure forms of 2FA because they store the long-term secret that makes them work internally, and only release non-reusable values. The secret is also impossible to fish. Physical keys are also more convenient, as they work on all major operating systems and hardware.
Titanium vulnerability is one of the only vulnerabilities ever found in a standard 2FA key. Either way, successful exploitation in the real world will undermine the security features provided by thumb-sized devices. NinjaLab researchers are quick to point out that despite the vulnerability, it is still safer to use a Titan security key or other affected authentication device to log in to accounts than not to.
Attacks from the clones
Cloning works by using a hot air gun and a scalpel to remove the plastic key housing and reveal the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. An attacker then connects the chip to hardware and software that measures when it is registered to work on a new account. When the measurement is complete, the attacker seals the piece in a new casing and returns it to the victim.
Unpacking and later sealing of the chip takes about four hours. It takes another six hours to take measurements for each account the attacker wants to hack. In other words, the process will take 10 hours to clone the key for a single account, 16 hours to clone a key for two accounts and 22 hours for three accounts.
By observing the local electromagnetic rays when the chip generates the digital signatures, the researchers exploit a side channel vulnerability in the NXP chip. Exploitation allows an attacker to achieve the long-term
elliptical curve digital signal algorithm private key specified for a given account. With the crypto key in hand, the attacker can create their own key, which will work for each account she targets.
Paul Kocher, an independent cryptographic expert with no involvement in the research, said that while the real risk of attack is low, side channel discovery is still important, given the class of users – dissidents, lawyers, journalists and other high-profile targets – who trust it and the possibility of attack. will get better over time.
“The work is remarkable because it is a successful attack on a well-hardened target designed for high-security applications, and clearly violates the security features of the product,” he wrote in an email. A real opponent may well be able to limit the attack (eg shorten the data collection time and / or eliminate the need to physically open the device). For example, the attack can be extended to a symbol that is left in a hotel’s gym for an hour. ”
Make it impossible
Google Titan, like other security keys that use the FIDO U2F standard, will actually make it impossible to transfer crypto keys and signatures from the device, as NinjaLab researchers noted:
As we have seen, the FIDO U2F protocol is very simple, the only way to interact with the U2F device is registration or authentication requests. The registration phase will generate a new ECDSA key pair and send out the public key. The authentication will mainly perform an ECDSA signature operation where we can select the input message and get the output signature.
Therefore, even for a legitimate user, there is no way to know the ECDSA secret key of a given application account. This is a limitation of the protocol that, for example, does [it] impossible to transfer user credentials from one security key to another. If a user wants to switch to a new hardware security key, a new registration phase must be done for each application account. This will create new ECDSA key pairs and recall the old ones.
This limitation in functionality is a strength from a security point of view: by design it is not possible to create a clone. It is also an obstacle to side channel reverse engineering. Without any control over the secret key, it is hardly possible to understand the details of (let alone attack) a highly secured implementation. We need to find a solution to study implementation security in a more practical setting.
Although he describes a way to compromise the security of a key Google seller, the research does not receive payment under Google’s bug bounty program, which rewards hackers who discover security flaws in Google’s products or services and report them privately to the company. A Google spokeswoman said attacks that require physical possession are outside the scope of the company’s security key threat model. She also noted the difficulty and cost of carrying out an attack.
While the researchers carried out their attack on Google Titan, they believe that other hardware using the A700X, or chips based on the A700X, may also be vulnerable. If true, it will include Yubico’s YubiKey NEO and several 2FA keys made by Feitian.
In an email, Yubico spokeswoman Ashton Miller said the company is aware of the research and believes the findings are accurate. “While researchers note that physical device access, expensive equipment, custom software, and technical skills are required for this type of attack, Yubico recommends revoking access for a lost, stolen, or misplaced YubiKey NEO to reduce the risk,” she wrote.
Representatives from chipmaker NXP and Feitian were not immediately available for comment.
A countermeasure that can partially reduce the attack is that service providers that offer key-based 2FA use a function embedded in the U2F standard that counts the number of interactions a key has had with the provider’s servers. If a key reports a number that does not match what is stored on the server, the vendor will have good reason to believe that the key is a clone. A Google spokeswoman said the company has this feature.
The research – from Ninjalab co-founders Victor Lomné and Thomas Roche in Montpellier, France – is impressive, and over time it is likely to lead to a solution to the side channel’s vulnerability. In the meantime, the vast majority of people who use an affected key should continue to do so, or at most switch to a key without known vulnerabilities. The worst result of this survey would be that people stopped using physical security keys altogether.