Yubico Replaces Security Keys Due to Hardware Flaws

Yubico Replaces FIPS Series Security Keys Due to Hardware Flaws

Yubico discovered a hardware flaw in YubiKey FIPS Series devices in mid-March and since then, has updated the firmware version to one that does not contain the bug, as well as replaced the majority of affected devices.

  • By Kaitlyn DeHaven
  • Jun 17, 2019

Yubico is replacing U.S. government-approved security keys due to hardware flaws. The recalled device is the YubiKey FIPS Series, which are not consumer devices, and only in versions 4.4.2 and 4.4.4.

Yubico released an advisory last week that stated that the main issue with the security keys was decreased randomness in the first set of values.

“Random values leveraged in some YubiKey FIBS applications contain reduced randomness for the first operations performed after YubiKey FIPS power-up,” Yubico said. “The buffer holding random values contains some predictable content left over from the FIPS power-up self-tests which could affect cryptographic operations which require random data until the predictable content is exhausted.”

Yubico originally discovered the flaw in mid-March 2019, and subsequently created YubiKey FIPS Series firmware version 4.4.5, which achieved FIPS certification on April 30, 2019.

The company has been replacing keys for affected FIPS devices since they discovered the issue, and said that at the time the advisory was released, they believed the majority of affected YubiKey FIPS Series devices had been replaced, or were in the process of being replaced.

The company is not aware of any security breaches due to the issue, but all users that haven’t yet been contacted by Yubico are advised to request a replacement.

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.