blog

Update on EUCLEAK Vulnerability and Chip Security

04-09-2024

We want to assure you that we do not use Infineon chips, which are affected by the EUCLEAK side-channel attack recently identified by NinjaLabs. This attack exploits a vulnerability related to the extended Euclidean algorithm (EEA) used in modular inversion.


The chips we utilize, including those from TMC, TSMC, and some versions of NXP models, do not rely on this algorithm and are therefore not susceptible to the EUCLEAK vulnerability.


This type of attack is well-known, and existing mitigations have been implemented long time ago by majority of chip manufacturers to address it. To clarify further, the EUCLEAK attack against passkeys stored on physical security keys requires both physical access to the key and knowledge of the PIN. The attack involves several successful authentications to exploit the vulnerability. In other words, since this attack is only feasible if an attacker already has both the physical key and the correct PIN, the practical risk of this vulnerability is limited, making it a very low-level threat.


For users with FIDO2 keys from other manufacturers that use the vulnerable chips, setting and enforcing a strong PIN, along with enabling the always_uv setting, can effectively prevent exploitation of this vulnerability.

updates