Security Bug Discovered in Google’s Titan Security Keys; Google Provides Free Replacement


A security bug has been discovered in Google’s Titan Security Key that can potentially allow fraudsters located nearby to bypass the security provided by the key. While the company provided a replacement key for free to all existing users, it blamed a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” for the security bug.

Although the defective keys are reported to still protect against phishing attacks, the company decided to provide a replacement key regardless. The affected keys include all those sold in packages priced at $50; it also includes a usual NFC/USB key.

To exploit the security bug, a fraudster needs to be within Bluetooth range, around 30 feet, and must act promptly as the victim activates the key by pressing the button. The fraudster can then use the misconfigured protocol to intercept the connection between the victim’s device and the key and connect their own device instead. Then, given that they already have access to the victim’s username and password, they would be able to log in to the victim’s account.

Google has given assurances that the bug does not interfere with the security key’s ultimate purpose, which is to provide security against phishing attacks. Google also urged users worldwide to keep using the keys until a replacement is provided.

In an announcement, the company said, “It is much safer to use the affected key instead of no key at all. Security keys are the strongest protection against phishing currently available.”

Around the time when Google launched its Titan keys, Stina Ehrensvärd, Yubico founder, wrote, “While Yubico previously initiated the development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability.”
