Searching for a specific part number? Please use the “part number” select field of our Product Finder.

Product Finder

Security Advisory SB-2025-09: Attestation Key Recovery

Published: 2025-09

CVSS Severity: 4.8

Summary

In September 2024 the EUCLEAK vulnerability, which affected the iShield Key 1 series was discovered and patched in October 2024. See Security Advisory SB-2024-01 (https://swissbit.com/security-advisory/sb-2024-01).

In July 2025, it was brought to our attention that it's possible to recover the attestation private key from an unpatched iShield Key 1 device.

Since the attestation key has remained constant, a relying party cannot verify whether the attestation signature originated from an authentic iShield Key 1 device regardless of the firmware version. An attacker could create a fraudulent iShield Key 1 which would produce a valid FIDO attestation signature during registration. Organizations that depend on the FIDO attestation to verify the authenticity of an iShield Key 1 should no longer trust the attestation signature of the iShield Key 1 with AAGUIDs:

  • 931327dd-c89b-406c-a81e-ed7058ef36c6
  • 5d629218-d3a5-11ed-afa1-0242ac120002

Affected Products

  • iShield Key Pro
  • iShield Key FIDO2

Affected Part Numbers

  • SNU20000D1PBAN0-E-XX-XXX-XXX
  • SNU20000D1PBCN0-E-XX-XXX-XXX

Not Affected Products

All products in the iShield Key 1.1 & iShield Key 2 series are not affected

  • Swissbit iShield Key 1.1
  • Swissbit iShield Key 1.1 FIPS
  • Swissbit iShield Key 2
  • Swissbit iShield Key 2 FIPS
  • Swissbit iShield Key 2 Enterprise
  • Swissbit iShield Key 2 FIPS Enterprise

Not Affected Part Numbers

  • PK2000IA0000E-1002-XXX-XXX
  • PK2000IC0000E-2002-XXX-XXX
  • PK2000IA0000E-2002-XXX-XXX

How to Check if Your Device Is Affected

To determine whether your iShield Key 1 is affected:

  1. Open the iShield Key Manager and connect your iShield Key 1.
  2. Check the AAGUID field in the FIDO2 card. If it matches one of the following, your device is affected:
  • 931327ddc89b406ca81eed7058ef36c6
  • 5d629218d3a511edafa10242ac120002

FIDO Attestation Private Key Recovery

A sophisticated attacker with specialized equipment can create a fraudulent iShield Key 1 device that is indistinguishable from a legitimate one.

FIDO attestation is used to prove to a relying party that a security key is of the make and model that it claims to be. This is achieved using a shared attestation private key that signs the makeCredential response during registration.

To protect user privacy, the same attestation key is used across all devices of the same model. It is typically rotated after at least 100,000 units have been produced.

However, since the attestation key for iShield Key 1 devices was not rotated, even devices with firmware version 3.35.0 or later remain vulnerable.

Implication: Organizations that depend on the FIDO attestation to verify the authenticity of an iShield Key 1 should no longer trust the attestation signature of a newly registered iShield Key 1.