New to Busy?

// Hacking NEWS // Google's Titan Security Key Is Vulnerable Via Bluetooth

0 comments

vijbzabyss
67
6 days agoSteemit3 min read

Hackers could exploit a flaw in the way the company's security keys are associated with a device via Bluetooth. Google offers free replacement keys.

Hackers-Nearby-can-Hijack-Bluetooth-Titan-Security-Keys.png
Source

Google's security key has a bug... that makes it much less secure than it should be. A highlight for a product called Titan Security Key.

On Wednesday, Google published an alert regarding its Titan security key, and more specifically the Bluetooth edition. The latter includes a vulnerability in the Bluetooth pairing process with a terminal and authentication.

Interception within a 9-metre perimeter

A close attacker could rename any Bluetooth device with the name of the Titan security key and deceive a user to connect to this fraudulent terminal. Once connected to the victim via Bluetooth, the hacker could perform different actions, warns Google.

The American firm also identifies another attack scenario, in which an attacker could connect to a person's Bluetooth security key before its rightful owner. In this case, if the attacker already knew the person's login credentials, the account would be accessible.

Google recommends that you disable Bluetooth key pairing and request a replacement.

The company points out that if you use security key pairing, this operation must be performed in a private place without a potential attacker at a range of 9 meters.

Security keys are in principle an effective way to prevent account takeovers, but Google's alert points out that hackers still have options to conduct their attacks. Nevertheless, this vulnerability requires that an attacker be close and orchestrates targeted and coordinated piracy.

"It is much safer to use the affected key than no key at all," says Christiaan Brand, Google Cloud product manager. "Security keys are the best protection against phishing currently available."

You can check if your Titan security key is affected by looking for a "T1" or "T2" on the back of it. Google offers to replace a vulnerable key for free. Note that the Titan Key is also available in USB form, not affected by the flaw.

Stay Informed, Stay Safe

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

DQmNuF3L71zzxAyJB7Lk37yBqjBRo2uafTAudFDLzsoRV5L.gif

Comments

Sort byBest