Skip to main content
  1. Home
  2. Computing
  3. News

Google recalls Titan Security Key due to hijack risk

Add as a preferred source on Google

Google has offered free replacements to owners of the Bluetooth Low Energy version of the Titan Security Key, after a vulnerability was discovered in the device.

Google introduced the Titan Security Key at its Cloud Next ’18 convention as a physical USB device that eliminated the need to input usernames and passwords. The security key is easy to set up, taking only a few minutes to provide better protection against phishing attacks compared to other two-step authentication methods.

Recommended Videos

The technology was developed by Google and Yubico, which also helped build a security key with a Bluetooth Low Energy component. Yubico, however, decided not to release such a product because it did not meet the company’s standards for “security, usability, and durability,” and that it was not as secure as NFC and USB.

Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired.

The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. In addition, the process of taking advantage of the misconfiguration is difficult. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device.

Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so.

The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The free replacement may be requested through Google’s dedicated website for the recall.

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Microsoft pushed Copilot everywhere, but barely anyone bought it, and even fewer use it: Report
Users are barely showing up for Copilot
Microsoft Copilot Banner Featured

Microsoft has spent the past few years making Copilot extraordinarily difficult to avoid. It appeared in Windows 11, and soon found its way to Edge, Word, and almost everywhere else in Microsoft's software suite. New laptops even received a dedicated Copilot key. Microsoft wanted AI to become a daily habit, and it had hundreds of millions of existing customers to leverage.

But the latest adoption figures suggest that the distribution was quite disappointing. Microsoft revealed that Copilot 365 has more than 20 million paid seats. While that does sound impressive at a glance, this number is dwarfed when you compare the company's more than 450 million paid commercial Microsoft 365 seats. So fewer than 4.5% of those customers pay for the full Copilot experience.

Read more
iFixit wants to fix your appliances next, and it brought a bigger toolkit
iFixit’s new $35 Megalodon wants to save your appliances from the trash
iFixit Megalodon Driver Kit Featured

iFixit built its reputation by showing people how to fix their phones, consoles, and laptops by themselves. But its next target is larger and probably sitting somewhere in your kitchen or laundry room. The company has launched the Megalodon Driver Kit, which is a $34.95 toolkit designed for appliance repairs, furniture assembly, automotive tinkering, and the countless household jobs.

Picture this, your vacuum cleaner may still work perfectly aside from one loose component buried behind a recessed screw. So rather than replace the whole thing, you can make a quick fix with Megalodon.

Read more
Asus ExpertBook Ultra review: A dreamy ultra-thin machine that surprised me with raw power
If thin and light is what you value the most, this one will serve you perfectly, without the obvious performance compromises.
Asus ExpertBook Ultra laptop

See at Amazon

Quick Review

Read more