This document delves into the world of secure elements and FIDO hardware tokens, specifically focusing on the Infineon SLE78 secure element found in YubiKey 5 Series devices. By analyzing a similar JavaCard platform, researchers discovered a side-channel vulnerability in the Infineon ECDSA implementation, allowing for the extraction of the ECDSA secret key with physical access. This vulnerability extends to various Infineon security microcontrollers, potentially impacting secure systems like electronic passports and crypto-currency wallets. The EUCLEAK attack requires specialized equipment and technical skills, emphasizing the ongoing importance of using FIDO hardware tokens for secure authentication. The researchers, led by Thomas Roche of NinjaLab, have not yet received a CVE ID for their findings.
https://ninjalab.io/eucleak/