YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

YubiKey 5, a hardware token for two-factor authentication, has a cryptographic flaw making it prone to cloning if an attacker briefly accesses it physically, as per researchers. The flaw, known as a side channel, is present in the microcontroller SLE78 by Infineon; other versions by Infineon could also be susceptible. Any device with firmware prior to version 5.7, released in May, is potentially vulnerable. As no firmware updating is possible, affected YubiKeys remain permanently vulnerable.