[Newsflash] “YubiKey Recalls Defective 2-FA Authentication Devices” as New Vulnerability Found


  • A spokesperson for YubiKey has recently come forth and stated that a majority of his company’s “vulnerable devices” have either already been exchanged or are in the process of being replaced.
  • At press time, there have been no reported cases of security breaches arising from the newly discovered security flaw.

As per a security report released by YubiKey recently, the firms’ FIPS Series devices (especially those running on firmware versions 4.4.2 and 4.4.4) are now more vulnerable to various security-related issues.

To be a bit more specific, we can see that the devices currently running on the V4.4.2 and 4.4.4 can retain up to 80 predictable bits, with keys being as short as 256 bits. As a result of this, the ‘randomness quotient’ of the affected machines (YubiKey FIPS, YubiKey Nano FIPS, YubiKey C FIPS, and the YubiKey C Nano FIPS) has reduced quite significantly.

With that being said, it is still worth pointing out that even with these reduced security standards, it is still quite difficult for miscreants to

“gain access to a device connected to the FIDO U2F device or leverage a TLS vulnerability”.

From a technical standpoint, we can see that to make use of the above-stated flaw, hackers will need to “capture several signed responses” from a machine that has been compromised. Following this, the nefarious agent will then have to recompute the coded framework “ — which in itself is an extremely arduous task.

Other similar episodes may also be incurred when dealing with OATH one-time passwords and other OpenPGP-based authentication protocols.

Even though YubiKey’s devices aren't meant to serve as altcoin-wallets as such, owing to their use of 2-FA based authentication modules, many crypto holders seem to swear by the company’s products.

Bitfinex, Coinbase, and Gemini are a few of the premier crypto trading platforms that currently support FIDO U2F. Not only that, according to a number of independent reports, YubiKey devices are also being used by various government organizations across the globe right now.

A number of security experts are of the belief that this latest flaw affecting various YubiKey devices — especially those running firmware versions 4.4.2 and 4.4.4 — will compromise the existing security protocols that have been deployed by a number of big-name corporations and governments (that are making use of the company’s products).

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide