Yubico has announced that it plans to replace some of its hardware security keys because of a firmware flaw that reduced the randomness of cryptographic keys generated by the devices.
The affected products are models in the YubiKey FIPS Series, a line of YubiKey authentication keys certified for use on US government networks under the US government’s Federal Information Processing Standards (FIPS).
According to a Yubico security advisory, YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 contain a bug that keeps “some predictable content” inside the device’s data buffer after the power-up operation.
This “predictable content” influences the randomness of cryptographic keys generated on the device for a short period after boot-up, until the “predictable content” is all used up and true random data is present in the buffer.
For a short period after boot-up, YubiKey FIPS Series devices running the affected 4.4.2 and 4.4.4 versions generate keys that can be either partially or fully recovered, depending on the cryptographic algorithm the key is working with for a particular authentication operation.
Everyone who uses a YubiKey FIPS Series device is advised to check the key’s firmware version and sign up for a replacement on the company’s web portal, if they haven’t received one already.
Users will receive new YubiKey FIPS Series keys with the corrected firmware version, 4.4.5. YubiKey FIPS Series firmware version 4.4.3 was never released; the version numbering skipped from 4.4.2 to 4.4.4.
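For a fleet rather than a single key, the firmware check described above can be scripted. The following is an added example, not code from Yubico or from the original article: it triages a constructed inventory of per-device reports against the versions named above. The "Key: value" report layout, the field names and the serial numbers are assumptions made for illustration.

```python
import re

AFFECTED = {(4, 4, 2), (4, 4, 4)}  # affected FIPS Series firmware, per the advisory
FIXED = (4, 4, 5)                  # corrected firmware shipped on replacement keys

# Constructed sample inventory (assumed layout): one block per device.
SAMPLE = """\
Device type: YubiKey FIPS
Serial number: 1000001
Firmware version: 4.4.2

Device type: YubiKey FIPS
Serial number: 1000002
Firmware version: 4.4.5

Device type: YubiKey 4
Serial number: 1000003
Firmware version: 4.4.2

Device type: YubiKey FIPS
Serial number: 1000004

Device type: YubiKey FIPS
Serial number: 1000005
Firmware version: 4.4.4
"""

def parse_reports(text):
    """Split on blank lines and turn each 'Key: value' block into a dict."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        devices.append({k.strip().lower(): v.strip() for k, sep, v in pairs if sep})
    return devices

def classify(fields):
    """Return 'replace', 'ok', 'out-of-scope' or 'manual-check'."""
    device_type = fields.get("device type", "").lower()
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", fields.get("firmware version", ""))
    if device_type and "fips" not in device_type:
        return "out-of-scope"      # the advisory covers the FIPS Series only
    if not device_type or not m:
        return "manual-check"      # incomplete report: inspect the key by hand
    version = tuple(int(part) for part in m.groups())
    if version in AFFECTED:
        return "replace"
    return "ok" if version == FIXED else "manual-check"

def triage(text):
    """Map each serial number to its verdict."""
    return {d.get("serial number", "?"): classify(d) for d in parse_reports(text)}
```

A FIPS Series version other than 4.4.2, 4.4.4 or 4.4.5 is returned as `manual-check` because the text above says nothing about those versions.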
A technical advisory published by the company lists scenarios in which authentication procedures involving YubiKey FIPS Series devices may be impacted.
For example, FIDO U2F-based authentication procedures are impacted, while the use of YubiKey FIPS Series keys together with smart cards, OATH one-time passwords, and OpenPGP may decrease the security of authentication procedures in some scenarios.
The threat of an attacker exploiting this vulnerability is low because of the complex requirements for intercepting the authentication operations and then breaking the cryptographic key. Still, it is better not to take chances, as these keys are used in highly sensitive networks.