Yubico Replaces Security Keys Due to Hardware Flaws

Yubico Replaces FIPS Series Security Keys Due to Hardware Flaws

Yubico discovered a hardware flaw in YubiKey FIPS Series devices in mid-March and since then, has updated the firmware version to one that does not contain the bug, as well as replaced the majority of affected devices.

Yubico is replacing U.S. government-approved security keys due to hardware flaws. The recalled device is the YubiKey FIPS Series, which are not consumer devices, and only in versions 4.4.2 and 4.4.4.

Yubico released an advisory last week that stated that the main issue with the security keys was decreased randomness in the first set of values.

“Random values leveraged in some YubiKey FIBS applications contain reduced randomness for the first operations performed after YubiKey FIPS power-up,” Yubico said. “The buffer holding random values contains some predictable content left over from the FIPS power-up self-tests which could affect cryptographic operations which require random data until the predictable content is exhausted.”

Yubico originally discovered the flaw in mid-March 2019, and subsequently created YubiKey FIPS Series firmware version 4.4.5, which achieved FIPS certification on April 30, 2019.

The company has been replacing keys for affected FIPS devices since they discovered the issue, and said that at the time the advisory was released, they believed the majority of affected YubiKey FIPS Series devices had been replaced, or were in the process of being replaced.

The company is not aware of any security breaches due to the issue, but all users that haven’t yet been contacted by Yubico are advised to request a replacement.

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

  • Remembering 9/11 Remembering 9/11

    In this episode, Security Today Editor-in-Chief Ralph C. Jensen Talks with Steve Karoly about security and transportation issues, specifically airport, airline and passenger security. It is the 20th anniversary of the 9/11 terror attacks in New York, the Pentagon and Shanksville, PA. Much has changed concerning security efforts about airport transportation security. The conversation talks about the role that technology plays in protecting the flying public and steps taken to ensure there hasn’t been a successful terrorist attack on a U.S. airliner since 9/11. Checkpoint and screening are evolving at a rapid pace, and the conversation centers on new measures and technologies that are being integrated into checkpoints.

Digital Edition

  • Security Today Magazine - July August 2021

    July August 2021

    Featuring:

    • Tee Up the Security
    • Listen Clearly
    • Turning to the Cloud
    • COVID-19 The Final Push
    • Redefining Security

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety