On Wednesday, Google announced that it had found a security issue affecting its Titan Security Keys in the U.S. The version impacted by the problem is the Bluetooth Low Energy version.
The bug affects all the Bluetooth security keys with T1 and T2 signs at the back. It appears that the problem is serious enough for the tech giant to offer a free replacement.
Google said in an official statement:
“This bug affects Bluetooth pairing only, so non-Bluetooth security keys are not affected. Current users of Bluetooth Titan Security Keys should continue to use their existing keys while waiting for a replacement since security keys provide the strongest protection against phishing.”
The Bluetooth version of the Titan Security Key was launched in the United States July last year. It is a dongle small enough to fit a user’s keychain while offering an extra layer of Google account protection, preventing any potential phishing or hacking attempts.
Titan Security Keys at Risk
According to Google, the issue with the Titan Security Keys stems from a misconfiguration in the Bluetooth pairing protocols of the device. The bug now makes it possible for hackers within 30 feet of the keys to communicate with them.
Google explained:
“An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly.”
Furthermore, a hacker within close proximity of the security key can also use a fake device to pose as a user’s security key during pairing. Pairing with this fake security key gives attackers all the access they need to steal a person’s vital information.
Google is now encouraging all Bluetooth Titan Security Key users to replace their keys at once for their own protection.
Comments (0)
Most Recent