• Bjornir@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    Couldn’t you just use the yubikey like normal if you have physical access to it instead of copying it ?

    • jqubed@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      In fact reading through the article it sounds like they would need to use it to extract the secret. I guess the end goal for this would be to maintain surreptitious access to something after returning the key to the target, either to build a criminal case or for espionage purposes.

      Given that the vulnerability may also apply to other secure access card/devices I suppose it could also be used if a nation-state wanted to use an impostor to access secure facilities.