Encryption keys from Google Titan Security keys can be recovered via side-channel attacks

43
Encryption keys from Google Titan Security

Thomas Roche and Victor Lomne, French security researchers, detected that liability could impact chips used inside the YubiKey and Google Titan hardware security keys. The liability allows malicious actors to recover the main encryption key leveraged by the hardware security key to generate cryptographic tokens needed for two-factor authentication operations (2FA).

As per reports, the attack may seem disastrous for Yubico and Google security key users; however, the severity will not be so high. The attack needs physical access to the keys and can’t be launched initially over the Internet, remotely, or via a local network.

Source: zdnet