Skip to main content
  1. Home
  2. Computing
  3. News

Google recalls Titan Security Key due to hijack risk

Aaron Mamiit
By

Google has offered free replacements to owners of the Bluetooth Low Energy version of the Titan Security Key, after a vulnerability was discovered in the device.

Google introduced the Titan Security Key at its Cloud Next ’18 convention as a physical USB device that eliminated the need to input usernames and passwords. The security key is easy to set up, taking only a few minutes to provide better protection against phishing attacks compared to other two-step authentication methods.

The technology was developed by Google and Yubico, which also helped build a security key with a Bluetooth Low Energy component. Yubico, however, decided not to release such a product because it did not meet the company’s standards for “security, usability, and durability,” and that it was not as secure as NFC and USB.

Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired.

The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. In addition, the process of taking advantage of the misconfiguration is difficult. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device.

Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so.

The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The free replacement may be requested through Google’s dedicated website for the recall.

Editors' Recommendations

Update Google Chrome now to protect yourself from an urgent security bug

Google Chrome app on s8 screen.

Why I still use Microsoft’s Office suite instead of Google’s free options

Computer user touching on Microsoft word icon to open the program.

Upcoming Microsoft Teams update could finally make chatting easier

Microsoft Teams on a Windows desktop.

TweetDeck (for Mac) is dead. Here are some alternatives

The Twitter app on the Sony XPeria 5 II.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

The best shows on Disney+ right now (July 2022)

Big Hero 6's Baymax returns in a new series.

GPD Win Max 2 is the handheld gaming laptop you’ve been waiting for

A small GPD Win Max 2 laptop being held by two hands while playing a game with a Viking on the screen

ESO High Isle: How to play Tales of Tribute

Tales of Tribute cards on a table.

Why now is the worst time to build a PC in nearly 8 years

High performance and custom MSI computer building.

AstraLocker ransomware dev has change of heart, shuts down

faceless hacker in a black hoody

Intel Raptor Lake-S specs leak, but one key detail is missing

Intel Raptor Lake chip shown in a rendered image.

Thor: Love and Thunder review: Marvel’s latest is no Ragnarok

Natalie Portman and Chris Hemsworth pose as Thors in Thor: Love and Thunder..

Stranger things are happening in Paper Girls’ new trailer

The cast of Paper Girls.