Summary of Threatwire Video
The video discusses a newly discovered UB key cloning attack that poses a significant risk to the security of authentication keys globally. The attack, published by Ninja Lab, affects all UB key 5 series with firmware below version 5.7, highlighting a long-standing vulnerability within this hardware ecosystem.
Key Points
- The UB key cloning attack can clone keys but requires physical access to the key and an initial authentication method.
- This attack is complex and costly, requiring sophisticated equipment and a lab setup estimated at about €10,000.
- The attack takes advantage of electromagnetic radiation emitted by the UB key during the authentication process.
- Ninja Lab successfully reverse-engineered the cryptographic library used by the UB key, which is crucial for exploiting the vulnerability.
- The vulnerability challenges the fundamental security guarantees of the PHYTO standard, used in critical environments like military and corporate networks.
- The CVSS score for this vulnerability is 4.9 due to the attack’s impracticality and complexity, despite its importance.
- The video also touches on Twitter’s ban in Brazil and legal challenges faced by the Internet Archive regarding copyright issues, including the status of its National Emergency Library.
Youtube Channel: Hak5
Video Published: 2024-09-11T16:01:11+00:00
Video Description:
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? [email protected]
[❗, ] Join the Patreon→ https://patreon.com/threatwire
0:00 0 – Intro
0:11 1 – YubiKey Vulnerability Finally Found
03:26 2 – X/Twitter Banned in Brazil
05:12 3 – Internet Archive Cannot Lend Books
06:45 4 – Outro
LINKS
🔗 Story 1: YubiKey Vulnerability Finally Found
https://findbiometrics.com/yubikeys-can-be-hacked-but-it-costs-about-11k/
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/?utm_source=dlvr.it&utm_medium=linkedin
🔗 Story 2: X/Twitter Banned in Brazil
https://apnews.com/article/brazil-musk-x-platform-moraes-shutdown-6942614705a4e85064f1d98628b49295
https://www.nytimes.com/2024/09/08/world/americas/brazil-x-ban-business-community.html
https://platformer.news/x-ban-brazil-musk-moraes/
https://abcnews.go.com/International/wireStory/musks-banned-brazil-users-carve-new-digital-homes-113422110
🔗 Story 3: Internet Archive Cannot Lend Books
https://www.theverge.com/2024/9/4/24235958/internet-archive-loses-appeal-ebook-lending
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.