We want to assure you that we do not use Infineon chips, which are affected by the EUCLEAK side-channel attack recently identified by NinjaLabs. This attack exploits a vulnerability related to the extended Euclidean algorithm (EEA) used in modular inversion.

The chips we utilize, including those from TMC, TSMC, and some versions of NXP models, do not rely on this algorithm and are therefore not susceptible to the EUCLEAK vulnerability.

This type of attack is well-known, and existing mitigations have been implemented long time ago by majority of chip manufacturers to address it. To clarify further, the EUCLEAK attack against passkeys stored on physical security keys requires both physical access to the key and knowledge of the PIN. The attack involves several successful authentications to exploit the vulnerability. In other words, since this attack is only feasible if an attacker already has both the physical key and the correct PIN, the practical risk of this vulnerability is limited, making it a very low-level threat.