Google Published a security advisory on Monday that States a security bug exists in the Organization’s Bluetooth Titan Security Key.
The defect could potentially enable a person to gain access to a user’s account or apparatus whilst remaining in close physical proximity. The technology giant asserts that this is a result of a’misconfiguration’ in the keys’ Bluetooth pairing protocols, however, the keys are still good at protecting users from phishing attacks.
Google will provide a free replacement crucial to all existing users. The matter is limited to the Titan Bluetooth keys that means if you’re using the Titan USB keys, then you shouldn’t be worried. To recall, Google’s Titan Security Keys for two-factor authentication had been established in August this past year.
The business further clarified in its security advisory that an attacker will need to be within Bluetooth range (approximately 30 feet) to exploit the security defect. The attacker may simply make use of the misconfigured protocol when a user presses the button on the Titan Bluetooth key to activate it. This way they will have the ability to connect their device to the key before yours.
Since a user’s security key has to be paired using their device before it may be properly used, an attacker may also exploit this by using their apparatus and masking it as your security key. However, for all this to be exploited, the attacker must also know your credentials.
Google asserts that its Titan Bluetooth keys nevertheless protect users from phishing attacks and that consumers can still use them before the company ships a free replacement. In its statement, Google maintains physical security keys still offer the strongest protection against malware. Users with’T1′ or’T2′ in their Google Titan Key are eligible for a replacement.
The company that makes Google’s Titan Security Key, Feitian, has also issued a similar statement, revealing the vulnerability as well as offering a free substitute for its own users. The company also sells physical security keys under its own brand.
The vulnerability does not affect the current feature on Android phones that may be utilized as a physical safety key, besides Titan USB keys.