One way to keep your crypto assets safe is to use a YubiKey, but there is a problem. A vulnerability has been discovered that owners of affected YubiKeys will have to learn to live with for the life of the device. Let's talk about why the YubiKey matters for crypto asset security, and then about the vulnerability that will remain open for life.
What is YubiKey?
A YubiKey is a tool, similar in size to a USB stick, that helps with identity and password verification. This authentication device supports 2-factor authentication and the FIDO Alliance's FIDO2 protocol, and it keeps your crypto wallets safe. You can think of it as the password equivalent of the cold wallets widely used to protect cryptocurrencies.
It can work offline, and you can log in by just touching the key instead of entering a password, without depending on your phone. So you don't have to keep your exchange password or other private keys in places like WhatsApp, e-mail or paper.
Thanks to its NFC feature, you can use it by tapping it against your phone. You can even set the YubiKey as the key for logging in to your computer. That way, no one can physically log in to your computer while the device is in your hands. The device is also compatible with applications such as LastPass and Google Password Manager, so it can be used not only for your cryptocurrency accounts and wallets, but for all your accounts.
For extra security, some users have two YubiKeys: one is used as the active key, and the other is kept as a backup or recovery key.
YubiKey Vulnerability
Everything seems perfect: unless someone puts a gun to your head and takes your YubiKey, you're safe. But a major security vulnerability was recently discovered that you'll have to get used to living with. Cybersecurity experts discovered a vulnerability in YubiKey 2-factor authentication keys that allows the device to be cloned. Moreover, the vulnerability lies in the Infineon crypto library, which is used by almost all products, including the series below.
- YubiKey 5
- YubiKey Bio
- Security Key
- YubiHSM 2
Yubico said that this is a medium-level vulnerability and that it is difficult to exploit. Experts also commented on what to look out for, including the following details:
“An attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also need additional information such as a username, PIN, account password, or authentication key.”
Although this may seem difficult, attackers who believe they can reach a significant amount of assets can overcome the difficulty. In state-backed attacks, the success rate is higher because it is easier to access a lot of information. Also, since we know how comprehensive the targeted work of teams like Lazarus is when they infiltrate companies, investors, especially those holding large amounts of assets, need to be much more cautious.
Since the YubiKey firmware cannot be updated, all YubiKey 5 devices prior to version 5.7 (or 5.7.2 for the Bio series and 2.4.0 for the YubiHSM 2) will be vulnerable for life. However, later models are not affected by this vulnerability because they do not use the Infineon crypto library.
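The version thresholds above can be applied to a device inventory. The following is an added example, not code from the article or from Yubico; the CSV layout, family labels, status strings and sample rows are assumptions constructed for illustration. Families for which the article states no threshold, such as Security Key, are reported as unknown rather than guessed.

```python
import csv
import io

# First unaffected firmware per family, as stated in the article above.
FIXED_IN = {
    "YubiKey 5": (5, 7, 0),
    "YubiKey Bio": (5, 7, 2),
    "YubiHSM 2": (2, 4, 0),
}

def parse_version(text):
    """Turn '5.4' or '5.4.3' into a 3-tuple of ints; raise ValueError otherwise."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(family, firmware):
    """Return a status string for one device (labels are this example's own)."""
    fixed = FIXED_IN.get(family.strip())
    if fixed is None:
        return "unknown-family"          # no threshold given in the article
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unparseable-version"     # needs a manual look
    # Firmware cannot be updated, so an affected key can only be replaced.
    return "affected-replace" if version < fixed else "not-affected"

def audit(csv_text):
    """Classify every row of an inventory with family, serial, firmware columns."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["serial"], classify(r["family"], r["firmware"])) for r in rows]

# Constructed sample inventory (serials and versions are made up).
INVENTORY = """family,serial,firmware
YubiKey 5,1000001,5.4.3
YubiKey 5,1000002,5.7
YubiKey Bio,1000003,5.7.1
YubiHSM 2,1000004,2.4.0
Security Key,1000005,5.2.7
YubiKey 5,1000006,
"""

if __name__ == "__main__":
    for serial, status in audit(INVENTORY):
        print(serial, status)
```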