/headshot.jpg

Welcome to the Internet homepage of Adam Stasiniewicz.

PGP key: 3270d15169357d8177ec914ef51948c9db5b8297
iMessage CKV: APKTIDrc33iKNWyFiGmUG5Sai-3UCAMR4RpfehUIC5Pl7DdQF-eQ
Opinions/views/etc are my own.

Infineon / YubiKey Cloning Vulnerability

Original Ars Technica Story

This is, unfortunately, a big deal. Not just for the users of YubiKeys, but also for anything using Infineon crypto chips. Infineon makes the crypto chips in a ton of devices, including TPMs, smart cards, passports, credit cards, and SIM cards. I suspect there will be more fallout from this, as additional devices are found to be using the same cryptographic library.

There are two important mitigations: