Google’s 2FA Titan security keys are vulnerable to an attack that can clone them

According to recently published research, Google’s two-factor Titan security keys are vulnerable to an attack that results in key duplication, or cloning. This comes courtesy of a side-channel vulnerability in the chip that powers the 2FA key itself, and it requires your login credentials, physical access, complete disassembly of the key, hours of work, an estimated several thousand dollars of equipment to reverse-engineer your key’s cryptographic secret, and it would be thwarted by the U2F standard in the long run anyway. In short: there is not much here for most of our readers to worry about.

Full details are available in the 60-page PDF published by the Ninjalab researchers, but the root of the problem is Google’s use of the NXP A700X chip in the security keys, which holds the private key used to sign authentication challenges – in other words, the secret bits inside the two-factor key that prove it’s yours when you use it. Although the chip itself is not directly vulnerable to attack, a so-called “side-channel attack” can indirectly extract that key through observation – that is, the researchers repeatedly use the key and observe the electromagnetic (radio) emissions of the secure element to deduce the details of the private key inside it.

From that, attackers can create a working copy of the hardware key, something the FIDO U2F protocol is supposed to make impossible. This reportedly requires thousands of dollars of hardware to pull off, and attackers need your login credentials in addition to the hardware key, which must also be disassembled and observed in use for an extended period. Although the researchers needed about ten hours between disassembly, observation and reassembly, they suggest that the time could be reduced as the attack is refined.

Other hardware keys from companies like Feitian and Yubico that use the same chip may also be vulnerable to this attack. This includes the popular, but discontinued, Yubikey Neo. NXP and Yubico are aware of the security researchers’ claims, according to statements provided to Ars Technica, and neither disputes the details of the vulnerability. The full list of affected devices noted by the researchers is below:

  • Google Titan security key (all versions)
  • Yubico Yubikey Neo
  • Feitian FIDO NFC USB-A / K9
  • Feitian MultiPass FIDO / K13
  • Feitian ePass FIDO USB-C / K21
  • Feitian FIDO NFC USB-C / K40
  • NXP J3D081_M59_DF and variants
  • NXP J3A081 and variants
  • NXP J2E081_M64 and variants
  • NXP J3D145_M59 and variants
  • NXP J3D081_M59 and variants
  • NXP J3E145_M64 and variants
  • NXP J3E081_M64_DF and variants

Security standards at many sites regard the loss of physical control of a device as an immediate loss of security in any case, and two-factor keys can easily be revoked, provided you know you have lost them. However, the window for this attack is short enough that it could happen before you notice that the key has been taken and put back. Most importantly, though, the U2F standard also means that this type of attack should only work for a short period. This is because the key exchange includes a counter of how many times a key has been used with a service, and the counters of the two keys will eventually diverge. Sites that follow the U2F standard will block both keys when they see a discrepancy, and Google tells Ars that it follows those standards.
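To show why the counter check limits the attack, here is an added example (not code from the article or from Ninjalab) that models a U2F key and a relying party in Python. It is a simplified model: the per-key secret and an HMAC tag stand in for the ECDSA key pair and signature a real authenticator uses, the relying party stores that secret where a real site would store the public key, and the app id and user name are constructed placeholders. The counter logic, however, is the same as the standard’s: a site remembers the highest counter it has seen for a credential and rejects any assertion whose counter does not move forward, which is exactly the discrepancy a cloned key eventually produces.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


# --- Authenticator side: a constructed model of a U2F key -----------------

@dataclass
class Authenticator:
    """Toy U2F key: a per-device secret plus a strictly increasing use counter.
    The HMAC tag below stands in for the ECDSA signature a real key produces."""
    secret: bytes
    counter: int = 0

    def sign(self, app_id: bytes, challenge: bytes):
        # Every assertion bumps the counter and covers it with the signature,
        # so a relying party can see how many times the key has been used.
        self.counter += 1
        msg = app_id + challenge + self.counter.to_bytes(4, "big")
        tag = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return self.counter, tag

    def clone(self) -> "Authenticator":
        # What a successful key-extraction attack yields: the secret, together
        # with the counter as it stood at the moment the key was copied.
        return Authenticator(self.secret, self.counter)


# --- Relying-party side -----------------------------------------------------

@dataclass
class Credential:
    secret: bytes          # a real site stores the public key here instead
    last_counter: int = 0  # highest counter seen so far for this credential
    blocked: bool = False


class RelyingParty:
    def __init__(self, app_id: bytes):
        self.app_id = app_id
        self.creds = {}

    def register(self, user: str, authenticator: Authenticator) -> None:
        self.creds[user] = Credential(authenticator.secret)

    def authenticate(self, user: str, authenticator: Authenticator) -> str:
        cred = self.creds[user]
        if cred.blocked:
            return "blocked"
        challenge = os.urandom(32)
        counter, tag = authenticator.sign(self.app_id, challenge)
        msg = self.app_id + challenge + counter.to_bytes(4, "big")
        expected = hmac.new(cred.secret, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-signature"
        # The U2F clone check: the counter must move strictly forward. A
        # regression means a second device holds the same key, so the
        # credential is locked for both the original and the copy.
        if counter <= cred.last_counter:
            cred.blocked = True
            return "counter-regressed"
        cred.last_counter = counter
        return "ok"


def clone_scenario() -> list:
    """Attacker copies a key that has already been used twice, then uses the
    copy before the owner touches the original again."""
    rp = RelyingParty(b"https://example.test")  # constructed app id
    key = Authenticator(os.urandom(32))
    rp.register("alice", key)
    rp.authenticate("alice", key)  # legitimate history: counter 1
    rp.authenticate("alice", key)  # counter 2
    clone = key.clone()            # copy taken with counter at 2
    return [
        rp.authenticate("alice", clone),  # clone first: counter 3 > 2, passes
        rp.authenticate("alice", key),    # owner: counter 3 <= 3, regression
        rp.authenticate("alice", clone),  # credential now locked for both
    ]


if __name__ == "__main__":
    print(clone_scenario())  # ['ok', 'counter-regressed', 'blocked']
```

The order matters only for who gets in first: if the owner uses the original before the clone is tried, the clone’s counter is the one that regresses, and the credential is still locked. A real deployment should also log the regression and prompt the user to re-enrol, since the lock is a signal that a duplicate exists, not just a transient error. One caveat the model hides: some authenticators keep a single counter across all sites rather than one per credential, which still satisfies the strictly-increasing check but makes the stored value jump by more than one between visits.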

Google reportedly doesn’t even offer a bug bounty for physical attacks like this – although that policy is stated for its Google Play program, the other programs that would seem to apply do not mention it.

It remains to be seen how Google or NXP plan to address this problem in the long term – both when it comes to existing keys and to mitigating or closing off the attack vector in the future. (Perhaps better shielding within the chip’s packaging? Or masking the chip’s internal operations in future firmware to frustrate electromagnetic analysis?)

Also note that this is not the same “Titan” chip that Google uses in its other security products, such as the Titan M in its Pixel phones. While the company likes to use the name whenever security is involved, it carries no real meaning or consistency when it comes to the actual hardware.

This is not the first time that Google has faced vulnerability issues with its Titan security keys. The original Bluetooth Titan key also had a flaw that led to free replacements being issued. But as long as someone doesn’t gain access to your key (and your account credentials), this new vulnerability is unlikely to be an issue for most of our readers, and you are still far better off than without a 2FA key, or than relying on SMS-based 2FA, which is vulnerable to SIM swapping. People who may be the subject of a directly targeted attack, however, may want to consider replacing their keys.

Source: Ninjalab (direct download notice)