According to a recent research paper, Google's two-factor Titan security key is vulnerable to an attack that ultimately allows the key to be duplicated or cloned. The cause is a side-channel vulnerability in the chip that powers the 2FA key itself. Exploiting it requires the victim's login credentials, physical access to the key, complete disassembly of the key, hours of working time and an estimated thousands of dollars' worth of equipment to recover its cryptographic keys, and the cloned key will be defeated by the U2F standard in the long run. In short: most readers need not worry.
The full details are available in the 60-page PDF published by the researchers at Ninjalab, but the root of the problem is Google's use of the NXP A700X chip in the security key. That chip holds and manages the private key used to sign authentication challenges; in other words, in a two-factor login it is what proves the key is yours. Although the chip itself is not directly vulnerable to attack, it is exposed to a so-called "side-channel attack", in which the chip is observed while it is in use.
As a result, an attacker can create a copy of the hardware key, something the FIDO U2F protocol is supposed to make impossible. According to reports, this requires thousands of dollars in hardware. The attacker also needs your login credentials in addition to the hardware key. The key must be disassembled and observed during use, which takes a considerable amount of time: the researchers spent about ten hours on disassembly, observation, and reassembly, but they believe the time could be shortened as the attack is refined.
Other hardware keys built on the same chip by companies such as Feitian and Yubico may also be vulnerable to this attack, including the popular but discontinued Yubikey Neo. In statements provided to Ars Technica, both NXP and Yubico said they are aware of the security researchers' claims, and neither disputed the details of the vulnerability. The complete list of affected devices identified by the researchers is as follows:
- Google Titan Security Key (all versions)
- Yubico Yubikey Neo
- Feitian FIDO NFC USB-A / K9
- Feitian MultiPass FIDO / K13
- Feitian ePass FIDO USB-C / K21
- Feitian FIDO NFC USB-C / K40
- NXP J3D081_M59_DF and its variants
- NXP J3A081 and its variants
- NXP J2E081_M64 and its variants
- NXP J3D145_M59 and its variants
- NXP J3D081_M59 and its variants
- NXP J3E145_M64 and its variants
- NXP J3E081_M64_DF and its variants
The security models of many services treat loss of physical access as an immediate loss of security: assuming you know the key has been lost, you can simply revoke it as a second factor. However, the window for this attack is short enough that it may happen before you realize the key has been taken and replaced. Importantly, though, the U2F standard also means that this attack can only work for a short time. This is because each key exchange includes a counter of how many times the key has been used with the service, and the counters of the original and cloned keys will eventually stop matching. U2F-compliant services lock out both keys when they discover such a discrepancy, and Google tells Ars that it does follow these standards.
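To make the counter mechanism concrete, the following is an added example of a relying-party check, not code from the article or from Ninjalab. It simulates one registered key, a copy of it that shares the same secret and counter state, and a service that stores the highest counter seen per registration; an HMAC over the same fields stands in for the ECDSA signature a real U2F key produces so that the example needs only the standard library, and the app ID and user name are constructed placeholders.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


def _message(app_id: str, challenge: bytes, counter: int) -> bytes:
    """The bytes covered by the signature: app ID, challenge and the 32-bit counter."""
    return app_id.encode() + challenge + struct.pack(">I", counter)


class SimulatedKey:
    """Stand-in for a U2F authenticator (HMAC instead of ECDSA; example only)."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret = secret
        self.counter = counter

    def sign(self, app_id: str, challenge: bytes) -> dict:
        self.counter += 1  # a U2F key increments its counter on every assertion
        sig = hmac.new(self.secret, _message(app_id, challenge, self.counter), hashlib.sha256).digest()
        return {"counter": self.counter, "sig": sig}

    def copy_state(self) -> "SimulatedKey":
        # Models the cloned key: same secret, counter frozen at the moment of copying.
        return SimulatedKey(self.secret, self.counter)


@dataclass
class Registration:
    secret: bytes
    last_counter: int = 0
    locked: bool = False


class RelyingParty:
    APP_ID = "https://rp.example"  # constructed placeholder

    def __init__(self):
        self.registrations: dict[str, Registration] = {}

    def register(self, user: str, key: SimulatedKey) -> None:
        self.registrations[user] = Registration(secret=key.secret, last_counter=key.counter)

    def verify(self, user: str, challenge: bytes, assertion: dict) -> str:
        reg = self.registrations[user]
        if reg.locked:
            return "locked"
        expected = hmac.new(reg.secret, _message(self.APP_ID, challenge, assertion["counter"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return "bad-signature"
        # The counter must strictly increase. A repeat or rollback means a second
        # device holds the same secret, so the registration is locked out.
        if assertion["counter"] <= reg.last_counter:
            reg.locked = True
            return "counter-rollback-locked"
        reg.last_counter = assertion["counter"]
        return "ok"


def run_scenario() -> list:
    """Original key used three times, copy used once, original used again."""
    rp = RelyingParty()
    key = SimulatedKey(os.urandom(32))
    rp.register("alice", key)
    results = []
    for _ in range(3):
        ch = os.urandom(32)
        results.append(rp.verify("alice", ch, key.sign(rp.APP_ID, ch)))
    copy = key.copy_state()  # both devices now sit at counter 3
    ch = os.urandom(32)
    results.append(rp.verify("alice", ch, copy.sign(rp.APP_ID, ch)))  # counter 4: accepted
    ch = os.urandom(32)
    results.append(rp.verify("alice", ch, key.sign(rp.APP_ID, ch)))   # counter 4 again: locked
    ch = os.urandom(32)
    results.append(rp.verify("alice", ch, copy.sign(rp.APP_ID, ch)))  # registration stays locked
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The sequence shows both halves of the article's point: the first use of the copy is indistinguishable from the real key and is accepted, which is the short window, and the next use of either device produces a counter the service has already seen, at which point a compliant service locks the registration rather than guessing which device is genuine.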
According to reports, Google does not even offer bug bounties for physical attacks of this kind; the policy was written for its Google Play program, and the other programs that would appear to cover this are not mentioned.
It remains to be seen how Google or NXP will address this problem in the long term, whether by fixing existing keys or by mitigating or closing off the attack vector in future devices. (Perhaps by better shielding inside the chip package? Or by obfuscating the chip's internal operation in future firmware to defeat radio-frequency analysis?)
Also note that this is different from the "Titan" chip Google uses in other security settings, such as the Titan M on Pixel phones. Although the company likes to use the name wherever security matters, it has no real meaning or consistency across the actual hardware.
In fact, this is not the first time Google's Titan security keys have had a vulnerability: the original Bluetooth Titan key also had a flaw, and it was replaced for free. However, as long as no one actually gets hold of your key (and your account credentials), this new vulnerability will not be a problem for most readers, and you are still far better off than with SMS-based 2FA, which involves no hardware key at all and is vulnerable to SIM swapping, or with no 2FA. People who may be subject to direct, targeted attacks, however, may want to consider replacing their key.
- Ninjalab (direct download warning)