Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Security flaw found in Google's Titan Security Keys

Affected Titan Security Keys have a printed "T1" or "T2" at the bottom (image: Google).
Affected Titan Security Keys have a printed "T1" or "T2" at the bottom (image: Google).
A flaw discovered in Google's Bluetooth Low Energy Titan Security Keys leaves a hole open for potential attackers. Under certain circumstances and with proper timing, an attacker could potentially hijack the Bluetooth pairing process used by the Titan to log into a user's account. Google has offered to replace affected Titan Security Keys free of charge.
Sam Medley,
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Google’s Titan Security Keys offer a convenient and secure method for securing devices that relies on two-factor authentication and some advanced Google-grown cryptography. However, Google announced yesterday that a major flaw in the Bluetooth Low Energy version of the Titan Security Key opens the small devices (and those using them) to attack.

According to Google, a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” allowed an attacker with about 30 feet the ability to communicate with both the security key and the device with which the key was pairing at the moment the key was activated. When the security key is used to log into an account, an attacker could use their own device to connect to the user’s computer and log into the account.

That said, the attacker would need to time the hack precisely and would likely need a user’s account username and password. Since the Titan Security Key’s main purpose is to prevent phishing attacks, Google has stated that even using an affected key is safer than no key at all.

Still, Google understands the potential security risks caused by the flaw and has offered to replace any T1 or T2 Bluetooth Low Energy Titan Security Keys, free of charge. Google also stated that using an NFC or USB Titan Security Key was more secure, as those keys require close physical proximity (less than an inch or a direct connection, respectively) to work.

static version load dynamic
Loading Comments
Comment on this article
Sam Medley
Sam Medley - Senior Tech Writer - 1131 articles published on Notebookcheck since 2016
I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.
contact me via: @samuel_medley
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 05 > Security flaw found in Google's Titan Security Keys
Sam Medley, 2019-05-17 (Update: 2019-05-17)