Microsoft has found a vulnerability in Google’s Bluetooth Titan Security Keys. The issue seems to be very serious as Google announced it would replace the keys for free. A misconfiguration was found in the keys’ Bluetooth pairing protocols, Google said. What this means is that an attacker can access your account or device under specific circumstances. But the situation is dangerous enough. The vulnerability was also disclosed by Feitian- the company that manufactures the Google Titan Key and also sells these keys under its own brand name.
Security and its mounting vulnerabilities
Google is actually disclosing two vulnerabilities. Firstly, it’s an issue with proximity. If you press your button to authenticate- and if an attacker is within the 30-foot Bluetooth Low Energy range, then he can connect his device to your key. The second possibility of an attacker gaining access is when you pair the key for the first time. Google says an attacker could “masquerade as your affected security key and connect to your device.” He would then have access to your device.
The Titan Security Keys are the crusade for Google’s two-factor authentication. However, when it pushes for higher security, it’s bound to have potential vulnerabilities like this incident. If your attacker was aware of this vulnerability and was around the precise moment you connect it, then you’re certainly under threat. Those are a lot of ‘ifs’, but Google isn’t holding back and has promised replacement T1 and T2 Titan Security Keys.
AirAsia collaborating with Google Cloud to provide digital skills training in Malaysia
Google delays 30% cut policy to April 2020 exclusively for India
Indian startups to collaborate for an indigenous app store to fight Google monopoly
APAC Retailers Can Now List Their Products on Google For Free
Google follows Apple, enforcing stricter Play Store payment rules in India
© 2020 CIO Bulletin. All rights reserved.