Kensington EQ

Kensington EQ

Designed Using More Sustainable Materials

Learn More

Skip to Content Skip to footer
To see content specific to your location, return to the country or region that matches your location.

Suggestions

  • No Suggestions

Site Pages

Kensington VeriMark™: Unaffected by Infineon SLE78 Vulnerability in Security Tokens

red open lock icon overlays a digital cityscape, surrounded by security locks and binary code, symbolizing cybersecurity.
Navigating the Infineon SLE78 Flaw: Kensington VeriMark™ Stands Unaffected

In the ever-evolving landscape of cybersecurity, vulnerabilities can emerge even in the most trusted products. A recent discovery related to the Infineon SLE78 security module, used in certain security products in the market, highlights this point.

The Vulnerability in Question

The vulnerability discovered centers around the security module it uses, the Infineon SLE78. The attack method, known as a "side-channel" attack, allows a malicious actor to potentially record the security token stored on the module. Once recorded, the attacker can reproduce this token on a separate key, effectively bypassing the security that the affected product is designed to provide. This vulnerability is particularly concerning because it undermines the core function of a security key—keeping authentication credentials safe and secure from unauthorized access.

Hands typing on a laptop keyboard, surrounded by digital icons like fingerprints and security locks.

The Response

Recognizing the seriousness of the issue, the manufacturer swiftly addressed the vulnerability in May 2024 with the release of firmware version 5.7. This update patches the vulnerability, ensuring that new keys are protected against this type of attack. However, there is an important caveat: products manufactured before the release of firmware version 5.7 cannot be updated in the field. This limitation is by design, as allowing firmware updates could itself become a vector for security breaches. This means that users who purchased the product before May 2024 will either need to buy new products or continue using what they have, remaining at risk of security vulnerabilities.

Why Kensington VeriMark™ Is Unaffected

Kensington VeriMark™ products do not utilize the Infineon SLE78 security module and therefore are not susceptible to the same side-channel attacks. VeriMark™ products’ robust design and security architecture provide reliable protection without being impacted by this newly discovered vulnerability. This distinction underscores the importance of selecting security products that are resilient against emerging threats and highlights the ongoing commitment of Kensington to providing secure and dependable solutions.

Laptop on a wooden desk, with a Kensington Security Key connected on the left.

Conclusion

The discovery of this vulnerability serves as a reminder that security is a constantly evolving challenge. While the response and the steps taken to address the issue in its latest firmware, not all users will be able to benefit from this fix. On the other hand, Kensington VeriMark™ products continue to offer strong, unaffected security, making them a reliable choice for those who prioritize the safety of their authentication processes.

To further explore the world of security keys and biometrics, visit Kensington's Biometric Security Solutions page. Kensington’s robust authentication solutions include the VeriMark™ Fingerprint Key, which combines FIDO U2F and Windows Hello compatibility to deliver a secure and user-friendly authentication solution. If you are ready to secure your IT infrastructure but are unsure of the best way to protect your data, our team is here to help.

Discover Kensington's biometric solutions for advanced protection.