Engadget

YubiKey vulnerability will let attackers clone the authentication device

NinjaLab, a security research company, has discovered a vulnerability that would allow bad actors to clone YubiKeys. As the company has explained in a security advisory, NinjaLab found a vulnerability ...
Wired

YubiKeys Are a Security Gold Standard—but They Can Be Cloned

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-sized device vulnerable to cloning when ...
Ars Technica

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

That's a bad tradeoff that mostly leads to people continuing to use vulnerable products. Instead they should support digitally signed firmware updates, perhaps zeroizing existing keys during the ...