[dathinab]

It probably shares the secure element (hardware).

But that doesn't mean that the new Yubikeys (Series 5) are not affected. Just that they are not know to be affected.

I hope Yubico will make a follow up post about weather or not other Yubikeys are affected too.

But then given what is needed to use this exploit, it probably doesn't matter for many people.

[tialaramex]

Yes. The general idea of the attack is always going to be possible in principle. What happened here is they demonstrated they can actually do it in practice, and they gave us some parameters for how easy/hard it was. Other devices can (and in future should) make it harder than this, but it's never truly going to be impossible.

One thing I like very much about Security Keys is that the intuitive experience with ordinary physical keys applies. The idea that if someone stole your key that's bad makes sense.

[bostik]

I'll just add to the sibling comment with one educated guess. Since the attack requires recording of approximately 6k U2F auth operations, we can quite easily calculate the minimum wall time.

From a purely anecdotal experience, it takes between 1 and 2 seconds to "cycle" a YubiKey from a working keypress to the next working keypress. The delay is probably built in to the firmware to mitigate attacks like this. Let's be conservative and say you can run a U2F auth operation every second.

6000 * 1s = 1h40m. That's how long an attacker would have to have the key in their possession to generate enough material to run the rest of the attack offline. So perfectly doable as an evil maid attack with enough specialised gear. Infeasible as a drive-by attack.