Researchers Succeed in Cloning Google's Titan, Other Security Keys — But Tell Users Not to Panic

A clever attack allows for cloning of a FIDO U2F security key, but it's not the sort of thing you can do on-the-fly.

Gareth Halfacree
5 years ago
Security

A pair of researchers working at French security firm NinjaLab have documented a side-channel attack which allows for the cloning of Google's Titan security keys — FIDO U2F-standard hardware dongles designed to act as a universal second factor for authentication and which should, as a primary part of their proper operation, be unclonable.

"The Google Titan Security Key is a FIDO U2F hardware device proposed by Google (available since July 2018) as a two-factor authentication token to sign in to applications (e.g. your Google account)," researchers Victor Lomne and Thomas Roche explain. "Our work describes a side-channel attack that targets the Google Titan Security Key’s secure element (the NXP A700X chip) by the observation of its local electromagnetic radiations during ECDSA signatures (the core cryptographic operation of the FIDO U2F protocol). In other words, an attacker can create a clone of a legitimate Google Titan Security Key."

"To understand the NXP ECDSA implementation, find a vulnerability and design a key-recovery attack, we had to make a quick stop on Rhea (NXP J3D081 JavaCard smartcard). Freely available on the web, this product looks very much like the NXP A700X chip and uses the same cryptographic library. Rhea, as an open JavaCard platform, gives us more control to study the ECDSA engine. We could then show that the electromagnetic side-channel signal bears partial information about the ECDSA ephemeral key. The sensitive information is recovered with a non-supervised machine learning method and plugged into a customized lattice-based attack scheme."

The result: The observation of 4,000 ECDSA operations was enough to recover the secret key from a Rhea smartcard to prove the concept, and the same approach applied to Google's Titan did the same — albeit taking 6,000 observations to produce the long-term ECDSA private key required to clone the FIDO U2F account and create a duplicate key.

However, the pair say that while the attack was successful it doesn't render the Titan keys useless: "Two-factor authentication tokens' (like FIDO U2F hardware devices) primary goal is to fight phishing attacks," they note. "Our attack requires physical access to the Google Titan Security Key, expensive equipment, custom software, and technical skills. Thus, as far as our study goes, it is still safer to use your Google Titan Security Key or other impacted products as [a] FIDO U2F two-factor authentication token to sign in to applications rather than not using one."

More information is available on the NinjaLab website, along with a paper detailing the attack and confirming its applicability to all models of Google Titan key, Yubico's Yubikey Neo, and a range of devices from rival Feitian, along with any other devices based on a list of two-generations-old NXP security chips.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.