Yubikey Neo Teardown and Durability Review
An anonymous reader writes: Folks at HexView (disclaimer: I contract for the company) took apart Yubikey Neo and found out that, while the key uses solid hardware to ensure secure identity management, its physical anti-tamper measures and durability could be improved. The tear-down analysis is short, but to the point, and offers some very nice close-ups of the internals. One example of the design shortcomings they've identified: Contrary to Yubico's claims, Yubikey appears to be quite destructable. Do not push on it when you touch the sensor while the key is plugged in to a USB port. The point where it bends the most happens to be the point where USB vias are located and through which NFC antenna loop goes. To make things worse, the injection molding hole right next to the connector makes this area even more susceptible to bending.
From TFA: For those interested, FIPS140-2 Level 1 means that a device has at least one standard ("approved") security algorithm or function and Level 2 means that physical design is tamper-evident.
He seems to think little of the product, but it appears to me it meets the requirements just fine. It's obvious that his key was tampered with, and nothing was done to try to extract key data from the device. Basically, he can take one apart, but there's little chance someone's going to take my Yubikey in the middle of the night, duplicate the key data, and put it back without me noticing something is wrong. Sure, the NSA could probably do it, but they can't have the time with listening to everyones grandmas phone calls. =)