
Google has now released their "Titan" keys to the general store (albeit via a waitlist). When they first announced their product, Yubico, their chief competitor, decried the use of Bluetooth:

Google’s offering includes a Bluetooth (BLE) capable key. While Yubico previously initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability. BLE does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience.

This aspersion came some time after revelations of a flaw in the Bluetooth stack, namely the Blueborne vulnerability.

However, if U2F relies on Public Key Cryptography, does it matter if someone can see every part of the data exchange? I thought that was part of the point of U2F.

  • I do not worry about an evil ISP intercepting my HTTPS connections; should I worry about an evil bystander when I use U2F over Bluetooth?

  • If not, is Yubico concerned about compromise of the U2F device itself, or are they just throwing Fear, Uncertainty, and Doubt (A.K.A. "FUD") at a competitor's product?

hft
Michael
    Sidenote: the Google keys appear to be rebadged Feitian MultiPass and ePass devices. – user71659 Aug 30 '18 at 18:12
  • The dongle comes with a USB key as well, in case you have doubts about BLE. – dandavis Aug 30 '18 at 18:38
  • @dandavis, Thank you. I am aware. I'm more asking whether any doubts about BLE are based in fact. – Michael Aug 30 '18 at 18:40
  • The dongle came out after blueborne, so that's not an issue, but to some, it's guilty by association. All in all, it's worked 100% for google since roll-out, so that's pretty convincing. – dandavis Aug 30 '18 at 18:42
  • @dandavis U2F has worked 100% for Google to prevent phishing since its rollout years ago; I haven't seen any mention of how long or how many employees have been using Bluetooth for U2F though, but I'm guessing both are relatively low since the Bluetooth devices are still pretty new. – AndrolGenhald Aug 30 '18 at 19:10

1 Answer

If the transport security between the User Agent and the Authenticator is broken there are some (debatably minor) issues:

  • The AppID is disclosed when you log into a site (this is usually the domain of the site)
  • If the attacker is nearby and knows your password he might be able to submit the token's signature of the website's challenge before you (depending on the server's implementation this might also require him to know your session cookie, which seems unlikely)
  • An attacker might be able to submit his own challenges to your token, which if timed properly (i.e. right before you submit your own challenge) could allow him to log in (again assuming he knows your password)
AndrolGenhald
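As an added illustration (not part of the question or the answer above), the toy Python relying party below shows the server-side checks that bound what an eavesdropper on the key-to-browser transport gains: the challenge is issued per session and consumed on first use, the origin in the client data must match the AppID, and the signature counter must advance. The token's ECDSA P-256 signature is replaced by an HMAC stand-in so the script runs with only the standard library; the AppID, key handle and session names are constructed.

```python
import base64, hashlib, hmac, json, os, struct

APP_ID = "https://example.test"  # constructed AppID (the origin being logged into)
sha256 = lambda b: hashlib.sha256(b).digest()

class ToyToken:
    """Stand-in for a U2F authenticator: HMAC replaces the per-key ECDSA signature."""
    def __init__(self):
        self.secret, self.counter = os.urandom(32), 0
    def authenticate(self, app_id, client_data):
        self.counter += 1                                  # monotonic signature counter
        sig_data = b"\x01" + struct.pack(">I", self.counter)  # user-presence byte || counter
        signed = sha256(app_id.encode()) + sig_data + sha256(client_data)
        return sig_data + hmac.new(self.secret, signed, hashlib.sha256).digest()

class Server:
    def __init__(self, app_id):
        self.app_id, self.pending, self.keys = app_id, {}, {}
    def register(self, handle, secret):
        self.keys[handle] = [secret, 0]                    # verifier material, last counter
    def begin(self, session):
        challenge = base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()
        self.pending[session] = challenge                  # challenge bound to this session
        return challenge
    def finish(self, session, handle, client_data, response):
        challenge = self.pending.pop(session, None)        # single use: gone after first try
        cd = json.loads(client_data)
        if challenge is None or cd.get("challenge") != challenge or cd.get("origin") != self.app_id:
            return False
        secret, last = self.keys[handle]
        counter = struct.unpack(">I", response[1:5])[0]
        if not (response[0] & 1) or counter <= last:       # presence required, counter must grow
            return False
        signed = sha256(self.app_id.encode()) + response[:5] + sha256(client_data)
        if not hmac.compare_digest(hmac.new(secret, signed, hashlib.sha256).digest(), response[5:]):
            return False
        self.keys[handle][1] = counter
        return True

def demo():
    token, server = ToyToken(), Server(APP_ID)
    server.register("kh1", token.secret)
    ch = server.begin("sess-user")
    client_data = json.dumps({"typ": "navigator.id.getAssertion", "challenge": ch, "origin": APP_ID}).encode()
    response = token.authenticate(APP_ID, client_data)    # both values visible on a broken transport
    results = {"legit": server.finish("sess-user", "kh1", client_data, response)}
    results["replay_same_session"] = server.finish("sess-user", "kh1", client_data, response)
    server.begin("sess-other")                             # eavesdropper's own session, own challenge
    results["replay_other_session"] = server.finish("sess-other", "kh1", client_data, response)
    return results
```

A captured response is therefore only accepted once, and only against the session whose challenge it answers, which is the "session cookie" dependency the answer mentions.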