May 26, 2019 News Magazine

Google recalls its Bluetooth Titan Security Keys because of a security bug

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide. The company says that the bug is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” and that even the faulty keys still protect against phishing attacks. Still, the company is providing a free replacement key to all existing users.

The bug affects all Titan Bluetooth keys that have a “T1” or “T2” on the back.

To exploit the bug, an attacker would have to be within Bluetooth range (about 30 feet) and act swiftly as you press the button on the key to activate it. The attackers can then use the misconfigured protocol to connect their own device to the key before your own device connects. With that — and assuming that they already have your username and password — they could sign into your account.

Google also notes that before you can use your key, it has to be paired to your device. An attacker could also potentially exploit this bug by having their own device masquerade as your security key and connect to your device when you press the button on the key. Having done so, the attackers can then change their device to look like a keyboard or mouse and remotely control your laptop, for example.

All of this has to happen at exactly the right time, and the attacker must already know your credentials. A persistent attacker could still make that work.

Google argues that this issue doesn’t affect the Titan key’s main mission, which is to guard against phishing attacks, and argues that users should continue to use the keys until they get a replacement. “It is much safer to use the affected key instead of no key at all. Security keys are the strongest protection against phishing currently available,” the company writes in today’s announcement.

The company also offers a few tips for mitigating the potential security issues here.

Some of Google’s competitors in the security key space, including Yubico, decided against using Bluetooth because of potential security issues and criticized Google for launching a Bluetooth key. “While Yubico previously initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability,” Yubico founder Stina Ehrensvard wrote when Google launched its Titan keys.


Source: TechCrunch
