Researchers Uncover Vulnerability Allowing YubiKey Cloning

The flaw in Infineon microcontrollers affects millions of devices, but exploitation requires significant resources and physical access.

The EUCLEAK vulnerability affects YubiKey 5 and other devices using Infineon SLE78 microcontrollers.
Cloning a YubiKey via this flaw demands physical possession, specialized equipment, and extensive technical knowledge.
Yubico has rated the flaw as moderate, with a CVSS score of 4.9, due to its limited practical risk.
Firmware updates are not available for affected devices; users are advised to switch to RSA signing keys.
Other impacted products include Infineon TPMs, Optiga Trust M microcontrollers, and Feitian A22 JavaCards.