cloning – Noise

YubiKey Side-Channel Attack

Bruce Schneier — Fri, 06 Sep 2024 15:16:21 +0000

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technica...

Voice Cloning with Very Short Samples

Bruce Schneier — Mon, 15 Jan 2024 12:09:20 +0000

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper.

FTC’s Voice Cloning Challenge

Bruce Schneier — Thu, 16 Nov 2023 18:46:45 +0000

The Federal Trade Commission is running a competition “to foster breakthrough ideas on preventing, monitoring, and evaluating malicious voice cloning.”

Cloning Google Titan 2FA keys

Bruce Schneier — Tue, 12 Jan 2021 12:16:55 +0000

This is a clever side-channel attack:

The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take measurements as the key is being used to authenticate on an existing account. Once the measurement-taking is finished, the attacker seals the chip in a new casing and returns it to the victim.

Extracting and later resealing the chip takes about four hours. It takes another six hours to take measurements for each account the attacker wants to hack. In other words, the process would take 10 hours to clone the key for a single account, 16 hours to clone a key for two accounts, and 22 hours for three accounts...