YubiKey still selling old stock with vulnerable firmware

Continuing sale of vulnerable YubiKeys

  • A translated blog comment alleges Yubico is selling off existing stock with vulnerable firmware, especially the FIPS series, while reserving fixed firmware for “prioritized” customers.
  • Several commenters verify that the YubiKey 5 FIPS product page explicitly lists firmware 5.4.x (known to be vulnerable) and does not flag it as vulnerable.
  • Others note that non‑FIPS keys in the store are clearly labeled with newer 5.7.x firmware.
  • Some see this as “dumping” vulnerable stock on unsuspecting customers; others argue the claim that Yubico mis‑ships older firmware when advertising new is unproven or anecdotal.

FIPS certification and constraints

  • FIPS 140-2 validation currently only covers the vulnerable 5.4.2 / 5.4.3 firmware.
  • Newer, fixed firmware (5.7.x) is not yet FIPS‑validated; Yubico has only just submitted for FIPS 140-3.
  • This leads to the odd situation where “FIPS-certified” keys are less secure in practice, but required for regulatory compliance.

Vulnerability impact and threat models

  • The vulnerability is a side channel in Infineon’s ECDSA implementation that enables private key recovery for ECC keys (FIDO2 and other ECC smart card uses); RSA keys are reported as unaffected.
  • Exploitation requires physical possession, specialized equipment, many successful auth/sign operations, and likely disassembly; some describe keys as effectively tamper‑evident, others counter that shells can be replaced.
  • Many consider this relevant primarily for nation-states or highly motivated attackers; for most users it remains a theoretical risk, and the keys still provide strong protection against phishing.
  • Others argue that hardware tokens are sold precisely on “inextractable keys,” so any feasible extraction undermines their core value.

Replacement, trust, and customer expectations

  • Yubico’s advisory offers mitigations but no free replacement; this contrasts with an earlier advisory where affected keys were replaced.
  • Some view refusal to replace or discount as a serious trust breach, especially for environments that must retire any known‑vulnerable systems.
  • Others argue lifetime replacement of all past keys is unrealistic at the price point; they still trust Yubico and see flaws as inevitable in complex security products.

Alternatives and openness

  • Alternatives mentioned include Nitrokey, JavaCard-based tokens, and token2 devices with open firmware.
  • Openness is seen as a plus (inspectable firmware, independent review), but there are reports of Nitrokey shipping late, missing promised features, and having weaker support.
  • Flashable firmware is debated: better for updates, but potentially more exposed if the host system is compromised.