A new side-channel attack exploiting a vulnerability in NXP chipsets can be used to clone Google Titan Security Keys.

However, Google says attack doesn’t materially undermine Titan’s remote access protection

On January 7, Ninjalab’s Victor Lomné and Thomas Roche published a research paper, ‘A Side Journey to Titan’ (PDF), which explores how an attack can be launched against NXP A7005a chips to extract private keys and clone security devices.

Tracked as CVE-2021-3011, the vulnerability is described as an “electromagnetic-wave side-channel issue” that allows attackers to “extract the ECDSA private key after extensive physical access (and consequently produce a clone)”.

A remote attack would have severe ramifications for 2FA hardware products.

Lomné and Roche demonstrated the security flaw on the Google Titan Security key, a FIDO U2F hardware device designed to implement two-factor authentication (2FA) through the generation of a cryptographic token in order to verify the legitimacy of a user, thus preventing phishing and account takeovers.

However, it is important to note that a threat actor must have physical access to a Titan device to perform the side-channel attack. Google Titan’s secure element, the NXP A700X chip, was the subject of the research.