An attacker must first be physically close to the key – within approximately 30 feet. The vulnerability stems from a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, said Brand.ĭespite Google’s recall of the device, exploit of the key protocol pairing flaw appears to be non-trivial. “Current users of Bluetooth Titan Security Keys should continue to use their existing keys while waiting for a replacement, since security keys provide the strongest protection against phishing.” “This bug affects Bluetooth pairing only, so non-Bluetooth security keys are not affected,” said Christiaan Brand, product manager with Google Cloud, in a Wednesday post. Specifically impacted is the version of the Titan Security Key with Bluetooth Low Energy (BLE) – not the NFC version of the security keys. market last August, is a USB dongle that offers an added layer of security features for Google accounts, such as two-factor authentication and protections from phishing attacks.
Google’s Titan Security Key, launched in the U.S. Google is recalling Bluetooth versions of its Titan Security Key after finding a vulnerability that allows attackers in close proximity to take control of the device.
0 kommentar(er)
