Searching for a specific part number? Please use the “part number” select field of our Product Finder.

Product Finder

Security Advisory SB-2024-01: Infineon ECDSA Private Key Recovery

CVSS Severity: 4.9

Summary

A vulnerability that was discovered in Infineon’s cryptographic library, also known as EUCLEAK
(https://ninjalab.io/eucleak), affects the iShield Key 1 series with firmware prior to 3.35.0.

An attacker with physical possession of an iShield Key 1 can exploit this vulnerability to recover:

  • The private key of a FIDO credential.
  • The private key of a PIV slot

The attack demands specialized equipment, advanced expertise in both electrical and cryptographic engineering. Depending on the type of credential, specific knowledge such as the credential ID, the relying party ID associated with the iShield Key 1, or the PIV PIN is required to carry out the attack. Due to the complexity and resource requirements, such an attack would likely only be feasible for nation-states or similarly well-resourced actors in highly targeted situations.

The vulnerability was brought to our attention in September 2024 and patched in October 2024. All partners and distributors were informed. Unfortunately, it is not possible to patch the devices that are already in the field.

Affected Products

  • iShield Key Pro with firmware versions prior to 3.35.0
  • iShield Key FIDO2 with firmware versions prior to 3.35.0

Affected Part Numbers

  • SNU20000D1PBAN0-E-XX-XXX-XXX
  • SNU20000D1PBCN0-E-XX-XXX-XXX

Not Affected Products

All products in the iShield Key 1.1 & iShield Key 2 series are not affected

  • Swissbit iShield Key 1.1
  • Swissbit iShield Key 1.1 FIPS
  • Swissbit iShield Key 2
  • Swissbit iShield Key 2 FIPS
  • Swissbit iShield Key 2 Enterprise
  • Swissbit iShield Key 2 FIPS Enterprise

Not Affected Part Numbers

  • PK2000IA0000E-1002-XXX-XXX
  • PK2000IC0000E-2002-XXX-XXX
  • PK2000IA0000E-2002-XXX-XXX

How to Check if Your Device Is Affected

To determine whether your iShield Key 1 is affected:

  1. Open the iShield Key Manager and connect your iShield Key 1.
  2. Check the AAGUID field in the FIDO2 card. If it matches one of the following:
  • 931327ddc89b406ca81eed7058ef36c6
  • 5d629218d3a511edafa10242ac120002
  1. Check the Firmware field in the Overview card. If the version is older than 3.35.0, your device is affected.

 

FIDO Credential Private Key Recovery

A sophisticated attacker with specialized equipment and physical access to a iShield Key 1 device running firmware prior to 3.35.0 can extract the private key of a FIDO credential.

  • For U2F (second-factor) FIDO credentials, the attacker must know the credentialID.
  • For discoverable FIDO credentials (also known as resident keys or passkeys), knowledge of the relying party ID is sufficient.

Implication: If you consider yourself a potential target of a sophisticated attack, such as one originating from a nation-state actor, you should no longer use an iShield Key 1 device with firmware versions earlier than 3.35.0 for password less multi-factor authentication were possession of the device is the first factor and knowledge of a PIN is the second. In such cases security is effectively reduced to a single factor: possession.

PIV Key Operations

A sophisticated attacker with specialized equipment and physical access to an iShield Key 1 Pro device running firmware prior to version 3.35.0 can extract the private key stored in a PIV slot, if the key is an elliptic curve key.

The extraction method is similar to the one used for FIDO credentials. However, access to the key depends on the slot and PIN configuration:

  • For slots other than 9C and 9E, the attacker must also know the PIV PIN.
  • For slots 9C and 9E, the key can be extracted without knowledge of the PIN, making them particularly vulnerable.

Implication: To mitigate the risk of key extraction:

  • Avoid using elliptic curve keys in PIV slots 9C and 9E.
  • Ensure that a non-default PIN, PUK, and management key are set on all devices.