1. Computing

Google recalls Titan Security Key due to hijack risk

By

Google has offered free replacements to owners of the Bluetooth Low Energy version of the Titan Security Key, after a vulnerability was discovered in the device.

Google introduced the Titan Security Key at its Cloud Next ’18 convention as a physical USB device that eliminated the need to input usernames and passwords. The security key is easy to set up, taking only a few minutes to provide better protection against phishing attacks compared to other two-step authentication methods.

The technology was developed by Google and Yubico, which also helped build a security key with a Bluetooth Low Energy component. Yubico, however, decided not to release such a product because it did not meet the company’s standards for “security, usability, and durability,” and that it was not as secure as NFC and USB.

Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired.

The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. In addition, the process of taking advantage of the misconfiguration is difficult. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device.

Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so.

The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The free replacement may be requested through Google’s dedicated website for the recall.

Editors' Recommendations

Want to browse the web privately? Here’s how to do it for real

how to browse the web privately anonymous header

How to use Sign in with Apple

How to reset your Apple ID password

apple new york iphone doj passcode

Protect your privacy with the best cheap VPN deals for November 2020

best vpn for small business man holding phone app creation internet protocols protection network

This Seagate 2TB External Hard Drive is down to $53 — today only

seagate Backup Plus Ultra Slim

How to recall an email in Gmail if you accidentally sent it

15 problems with the MacBook Air and how to fix them

How to care for your laptop’s battery and extend its life

These are the best laser printer deals for November 2020

How to change your language in Google Chrome

Best graphics card for video editing

AMD Radeon RX 5700 and 5700 XT review

These are the best cheap Chromebook deals for November 2020

hp chromebooks the best of amazons 12 days deals chromebook x360 inch hd touchscreen laptop 1

The best USB-C cables for 2020

usb c power bank graphene battery pack

How to create and set custom ringtones for your Android phone

The best cheap Razer deals for November 2020: Laptops, monitors, and more