Google recalls Titan Security Key due to hijack risk

Google has offered free replacements to owners of the Bluetooth Low Energy version of the Titan Security Key, after a vulnerability was discovered in the device.

Google introduced the Titan Security Key at its Cloud Next ’18 convention as a physical USB device that eliminated the need to input usernames and passwords. The security key is easy to set up, taking only a few minutes to provide better protection against phishing attacks compared to other two-step authentication methods.

The technology was developed by Google and Yubico, which also helped build a security key with a Bluetooth Low Energy component. Yubico, however, decided not to release such a product because it did not meet the company’s standards for “security, usability, and durability,” and that it was not as secure as NFC and USB.

Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired.

The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. In addition, the process of taking advantage of the misconfiguration is difficult. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device.

Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so.

The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The free replacement may be requested through Google’s dedicated website for the recall.

Mobile

Critical Bluetooth security bug discovered. Protect yourself with a quick update

Researchers have discovered a major new security flaw in Bluetooth, which could leave millions of devices at risk of a malicious hack. The attack allows a hacker to “break” Bluetooth security without anyone knowing.
Computing

Notepad has a major security flaw that leaves Windows PCs vulnerable to hackers

A Google Project Zero security researcher has discovered a major security flaw involving Windows PCs and Notepad. The flaw can allow hackers to take over entire computers. Microsoft has released a patch for the flaw.
Mobile

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.
Mobile

Google flags preinstalled malware as hidden threat on millions of Android phones

Google flagged preinstalled malware on Android smartphones as a hidden threat. The team discovered that the Chamois malware was preloaded in 7.4 million Android devices, while the attention was on malware that people downloaded themselves.
Computing

Keep your laptop battery in tip-top condition with these handy tips

Learn how to care for your laptop's battery, how it works, and what you can do to make sure yours last for years and retains its charge. Check out our handy guide for valuable tips, no matter what type of laptop you have.
Deals

Now’s your chance to get the latest iPad Pro for $100 less on Amazon

The latest iPad Pro has always been our favorite since its release last year, and we even tagged it as the best tablet ever. Don’t miss out on Amazon’s discount on the 12-inch 256GB Wi-Fi model and get yours today for $1,049.
Computing

1.5% of Chrome users’ passwords are known to be compromised, according to Google

In February, a new feature was introduced to the Google Chrome browser which checks whether users' passwords are secure. Now, Google has released eye-opening stats gathered from Password Checkup.
Computing

From Chromebooks to MacBooks, here are the best laptop deals for August 2019

Whether you need a new laptop for school or work, we have you covered. We've put together a list of the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Deals

Amazon cuts $52 off this Samsung Galaxy 10.1-inch tablet for the whole family

Normally priced at $330, you can grab the Samsung Galaxy Tab A 10.1-inch 128GB Wi-Fi tablet now for only $278 and enjoy $52 savings. On top of that, Amazon is offering an extra $28 discount when you apply for a coupon during checkout.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Computing

Tired of your Mac freezing? Try these tips to fix your Mac

A Mac that keeps freezing can be an incredibly annoying thing to deal with, but fixing it doesn’t have to be a pain. There are six main things you should try, which we got through in this guide to help you fix the issue once and for all.
Computing

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.
Computing

Latest Windows 10 update is causing random reboots and can break Visual Basic

The latest update for Windows 10, made available on Tuesday this week, includes patches against two critical vulnerabilities. But it is causing a string of issues including random reboots and failure to install.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.