Company Statement on Side-Channel Vulnerability

Sep 10^th, 2024

NinjaLab's recent security vulnerability report has identified a side-channel attack affecting certain security microcontroller solutions when used in conjunction with its built-in vulnerable cryptographic library. This vulnerability spans across multiple vendors' security products.

The report from NinjaLab clearly states that "FEITIAN products based on such security microcontroller embed a cryptolib developed by FEITIAN, which is indeed quite different from the chip manufacturer's implementation", and further confirms that FEITIAN products have no vulnerabilities as mentioned in the report and are not susceptible to this attack. (See sections 7.2.2 and 7.6 of the NinjaLab research report for more details.)

Our in-house developed cryptographic library has been rigorously certified by NIST FIPS 140-2, marking our commitment to security standards.

We are pleased to confirm that FEITIAN FIDO products are NOT compromised by this side-channel vulnerability. As a board member of the FIDO Alliance, FEITIAN Technologies remains dedicated to furthering the adoption of FIDO and passwordless technologies in order to provide our users with secure and reliable FIDO solutions.

About FEITIAN Technologies:

Founded in 1998, FEITIAN Technologies. The company is dedicated to building a full range of strong authentication, identification, and payment solutions using a variety of Security Key and Smart Card formfactors. FEITIAN is a member of Microsoft Intelligent Security Association (MISA), a Board Member of the FIDO Alliance, and is a Technology Partner for Google. FEITIAN is a leading worldwide provider of Fingerprint Biometric Passwordless Authentication. Globally, the company has over 1,000 employees, more than half of whom are focused on research and development. FEITIAN serves clients in over 150 countries with leading enterprise, financial, telecom, government, education organizations.