A new in-depth security analysis of the firmware in the SoloKey hardware authenticator found a serious vulnerability that could enable a downgrade attack on a key in some scenarios.
The vulnerability was discovered during a two-week-long review of the Solo firmware, which included both a manual source code review and fuzzing. The weakness that the researcher discovered could allow an attacker to install an older version of the Solo firmware and then exploit a known vulnerability in it to gain control of the key. SoloKeys are open source FIDO2-compliant hardware security keys that individuals can use as a universal second factor for authentication.
The keys began shipping in late 2018 and the team that developed them had been hoping to do a security review of the firmware but didn’t have the financial resources to do it at the time. But with a new model of the SoloKey on the horizon, the team decided to go ahead with the firmware review now and hired Doyensec to see where it took them. The results were positive, with two low-severity informational vulnerabilities found along with the downgrade attack.
Downgrade attacks can be a serious problem in some cases, depending upon the target device and the vulnerabilities present in the older firmware or software the attacker can load. In the case of the SoloKey firmware, the weakness was serious, but there are a number of mitigating factors that would have made it somewhat challenging for an attacker to exploit. An attacker would either need physical possession of the key or the ability to get a victim to click on an acknowledgement if he tried to install the vulnerable firmware from a malicious site. Also, because Solo firmware updates are signed, the attacker could only install one of the previous versions of that firmware and not a custom malicious one of his own. Solo has fixed the vulnerability.
“Solo firmware updates are a binary blob where the last 4 bytes represent the version. When a new firmware is installed on the keys, these bytes are checked to ensure that its version is greater than the currently installed one. The firmware digital signature is also verified, but this is irrelevant as this attack only allows to install older signed releases,” Solo said in a post on the review.
“The new firmware is written to the keys in chunks. At every write, a pointer to the last written address is updated, so that eventually it will point to the new version at the end of the firmware. You might see the issue: we were assuming that chunks are written only once and in order, but this was not enforced. The patch fixes the issue by requiring that the chunks are written strictly in ascending order.”
Solo has patched the downgrade attack in a new version of the firmware.