ROCA: Return Of the Coppersmith Attack

Posted Nov 20, 2017 14:12 UTC (Mon) by tialaramex (subscriber, #21167)
In reply to: ROCA: Return Of the Coppersmith Attack by nix
Parent article: ROCA: Return Of the Coppersmith Attack

Unlike the "touch to authenticate" step, this is a very rare case, so it might be fine to have it require, say, a weird dance like "hold the touch sensor for 15 seconds, then release it for 15 seconds, repeat this four times before running the update software" or "tap the sensor in the pattern tap; pause; tap-tap-tap; pause; tap; pause; tap-tap-tap; pause; tap".

Unfortunately, all these types of solutions are also vulnerable to a problem where somebody nicks your Yubikey, field upgrades it to a version that works against you, then gives it back. Being obliged to send the device away to the manufacturer partly averts this attack. Of course, a _very_ sophisticated adversary might be able to produce a look-alike device that suits their purpose and can be substituted quickly, for example by pick-pocketing. For example, if you're Bill Browder, then sure, even the current arrangement isn't going to keep you safe from the type of forces able to have your associates murdered with impunity and then blame you for their deaths. But most of us aren't Bill Browder.

