It has radios. Bluetooth Low Energy support, plus a near-field transponder. Seeing those functions in a security key is troublesome. It offers a lot of attack surface.
Those are so that you can use a security key with an iPhone or Android.
Yes, more surface, but it is a trade-off that means protecting more devices (users' phones; not just their laptops).
Personally, I would also like to see a USB-C security key that also works with phones and doesn't have the wireless antennas. (Not sure how to make something like that work with an iPhone, though.)
Right, but that's not really my question. I'm asking, do you really think Google is backdooring security tokens? Google's security team is basically at the vanguard of getting those things deployed.
Until there's a solid third-party teardown, you just don't know. Look how many backdoors in major products have been discovered in recent years. Juniper Networks.[1] Cisco.[2] Dell.[3] ZTE.[4]
To my snarky interlocutor: congratulations, you pried the plastic off a YubiKey and found a pair of NXP MCUs. Now what? Can you even get the data sheets for those things without signing an NDA?
You've gotten quiet, but are posting on other threads (apologies, but you're someone whose comments I follow here on HN). I'm genuinely curious to hear out the logic you brought to this comment about Google backdooring U2F tokens, and also about what security hardware you do trust.