Skip to main content
  1. Home
  2. Computing
  3. News

Google recalls Titan Security Key due to hijack risk

Add as a preferred source on Google

Google has offered free replacements to owners of the Bluetooth Low Energy version of the Titan Security Key, after a vulnerability was discovered in the device.

Google introduced the Titan Security Key at its Cloud Next ’18 convention as a physical USB device that eliminated the need to input usernames and passwords. The security key is easy to set up, taking only a few minutes to provide better protection against phishing attacks compared to other two-step authentication methods.

Recommended Videos

The technology was developed by Google and Yubico, which also helped build a security key with a Bluetooth Low Energy component. Yubico, however, decided not to release such a product because it did not meet the company’s standards for “security, usability, and durability,” and that it was not as secure as NFC and USB.

Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired.

The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. In addition, the process of taking advantage of the misconfiguration is difficult. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device.

Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so.

The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The free replacement may be requested through Google’s dedicated website for the recall.

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
A hacker’s arrest just revealed how Microsoft can track your Windows device
Microsoft knew what websites his Windows PC visited.
Windows 11 on a laptop

A teenager allegedly used a VPN to cover his tracks while hacking a US jewelry retailer, but Microsoft knew anyway.

Court documents unsealed in the US case against Peter Stokes, a 19-year-old dual US-Estonian citizen accused of being a member of the notorious Scattered Spider hacking group, reveal that Microsoft provided the FBI with records tied to a tracking mechanism called the Global Device Identifier, or GDID. 

Read more
The days of cheap Chinese AI models could be number as government mulls restrictions similar to the US
The AI world’s bargain aisle could be closed by China soon.
DeepSeek AI chatbot running on an iPhone.

DeepSeek's R1 helped kickstart global interest in low-cost Chinese AI. This was followed by increasingly capable systems from Alibaba, ByteDance, and Z.ai. Some models can be downloaded, customized, and hosted independently, giving many developers an alternative to paying for access to expensive US platforms.

However, this bargain may soon face a geopolitical lock--and this time, it's because of China and not the US. Reuters reports that Chinese authorities have held meetings with Alibaba, ByteDance, and Z.ai about potentially restricting overseas access to the country’s most advanced AI systems. Discussions apparently included closed models and open-weight releases, along with technology that has yet to reach the public.

Read more
Microsoft pushed Copilot everywhere, but barely anyone bought it, and even fewer use it: Report
Users are barely showing up for Copilot
Microsoft Copilot Banner Featured

Microsoft has spent the past few years making Copilot extraordinarily difficult to avoid. It appeared in Windows 11, and soon found its way to Edge, Word, and almost everywhere else in Microsoft's software suite. New laptops even received a dedicated Copilot key. Microsoft wanted AI to become a daily habit, and it had hundreds of millions of existing customers to leverage.

But the latest adoption figures suggest that the distribution was quite disappointing. Microsoft revealed that Copilot 365 has more than 20 million paid seats. While that does sound impressive at a glance, this number is dwarfed when you compare the company's more than 450 million paid commercial Microsoft 365 seats. So fewer than 4.5% of those customers pay for the full Copilot experience.

Read more