Google Replacing Bluetooth Titan Security Keys Over Exploitable Bug


And because of that, Google has issued a recall of the affected Security Keys.

"This security issue does not affect the primary goal of security keys, which is to protect you against phishing by a remote attacker," the company said in a blog post.

Google is warning that the Bluetooth Low Energy version of the Titan security key it sells for two-factor authentication can be hijacked by nearby attackers, and the company is advising users to get a free replacement device that fixes the vulnerability. Google recommends using your affected key to sign in one last time from a secure space where no one is within 30 feet, and then immediately unpairing it. When the security key is used to log in to an account, an attacker could use their own device to connect to the user's computer and log in to the account. Since the Titan Security Key's main objective is to prevent phishing attacks, Google has stated that even using an affected key is safer than no key at all.

The Google Titan Bluetooth Security Key is a physical security token that, when paired with a phone or tablet, delivers one of the two passwords needed to unlock an account protected with two-factor authentication. Due to a misconfiguration in the Bluetooth pairing protocols, an attacker physically close to the key can (a) communicate with your security key, or (b) communicate with the device to which your key is paired. If successful, the attacker could attempt to convert the hostile device to a Bluetooth keyboard or mouse to direct input to the compromised device. If your key is marked T1 or T2, Google will replace it for free.

The issue only affects the Bluetooth-enabled keys, not those that you plug into a USB port.

The bug stems from a misconfiguration of the Titan Key's Bluetooth pairing protocol, which in normal use provides a quick way to verify security credentials by holding the key near to a phone or laptop.

The company also provided a number of steps designed to help users of iOS (12.2 or earlier) and Android devices who have the BLE version of the Titan Security Key minimize the security risks until they receive their replacement security keys. Everything was all fine and dandy for a while, but then today, Google alerted users to a rather peculiar flaw in its BLE Titan keys.


Lots of things have to line up just right for this exploit to be effective, and Google is not aware of this exploit being used to gain access to user data in the wild.

You can obtain a replacement by heading to google.com/replacemykey.

As if the world isn't scary enough: According to Google, your most trusted security measures could actually be secret vulnerabilities.

However, when you update to iOS 12.3 your security key will no longer work, so those users should stay logged in to their accounts so that they aren't locked out.

Brand said that iOS 12.3, which Apple started rolling out on Monday, won't work with vulnerable security keys.

Rival vendor Yubico has refrained from offering a Bluetooth security key, claiming the technology "does not meet our standards for security, usability, and durability". Google is also still recommending that people use the keys in their current state as some protection is better than none. Note that you can continue to sign into your Google Account on non-iOS devices. After signing in, users should immediately unpair the security key. Android devices updated with the upcoming June 2019 Security Patch Level (SPL) and beyond will automatically unpair affected Bluetooth devices, so you won't need to unpair manually.

It also affects Feitian BLE security keys.
