Skip to main content
  1. Home
  2. Computing
  3. News

Google recalls Titan Security Key due to hijack risk

Aaron Mamiit
By

Google has offered free replacements to owners of the Bluetooth Low Energy version of the Titan Security Key, after a vulnerability was discovered in the device.

Google introduced the Titan Security Key at its Cloud Next ’18 convention as a physical USB device that eliminated the need to input usernames and passwords. The security key is easy to set up, taking only a few minutes to provide better protection against phishing attacks compared to other two-step authentication methods.

The technology was developed by Google and Yubico, which also helped build a security key with a Bluetooth Low Energy component. Yubico, however, decided not to release such a product because it did not meet the company’s standards for “security, usability, and durability,” and that it was not as secure as NFC and USB.

Related

Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired.

The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. In addition, the process of taking advantage of the misconfiguration is difficult. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device.

Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so.

The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The free replacement may be requested through Google’s dedicated website for the recall.

Editors' Recommendations

Topics
This free service just hit a huge website security milestone
global internet usage one zettabyte computer server room information cloud web net
These are the apps that have kept me glued to the Quest Pro
The Quest Pro has great hand-tracking capabilities.
iCloud might be sending your photos to strangers’ computers
Microsoft has released a new Windows 11 feature that makes the OS photos app compatible with Apple's iClould.
What is BeReal?
BeReal app notification on an Apple Watch.
This 67W charger is an Apple fan’s retro dream come true
The Shargeek Retro 67 charger powing up a MacBook Pro and an iPad.
This 38-inch curved Alienware monitor is $450 off (51% claimed)
alienware legend design aurora r9 desktop monitor2
Alienware teases a monster new 18-inch laptop ahead of CES
alienware area 51m review mem2
Here’s what I’ve learned after using the Quest Pro for one month
Alan Truly enjoying using a Meta Quest Pro
Nvidia may finally admit its major mistake with the RTX 4080
Nvidia GeForce RTX 4080 lays on a pink surface.
These Chrome extensions will put cash-saving coupons right in your browser
Woman shopping online for best Early Prime Day Deals
The best GPU benchmarking software
AVA Direct Corsair X99 side open with graphics cards.
Today’s best deals: TVs, laptops, iPads, robot vacuums and more
memorial day sales you can shop now 2020 early
Cooler Master’s Orb X gaming pod is futuristic and utterly absurd
The Cooler Master Orb X gaming station in a dark room with ambient lighting behind it.