Security flaw found in Google's Titan Security Keys

Affected Titan Security Keys have a printed "T1" or "T2" at the bottom (image: Google).

A flaw discovered in Google's Bluetooth Low Energy Titan Security Keys leaves a hole open for potential attackers. Under certain circumstances and with proper timing, an attacker could potentially hijack the Bluetooth pairing process used by the Titan to log into a user's account. Google has offered to replace affected Titan Security Keys free of charge.

Sam Medley, Published 05/17/2019

Google’s Titan Security Keys offer a convenient and secure method for securing devices that relies on two-factor authentication and some advanced Google-grown cryptography. However, Google announced yesterday that a major flaw in the Bluetooth Low Energy version of the Titan Security Key opens the small devices (and those using them) to attack.

According to Google, a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” allowed an attacker with about 30 feet the ability to communicate with both the security key and the device with which the key was pairing at the moment the key was activated. When the security key is used to log into an account, an attacker could use their own device to connect to the user’s computer and log into the account.

That said, the attacker would need to time the hack precisely and would likely need a user’s account username and password. Since the Titan Security Key’s main purpose is to prevent phishing attacks, Google has stated that even using an affected key is safer than no key at all.

Still, Google understands the potential security risks caused by the flaw and has offered to replace any T1 or T2 Bluetooth Low Energy Titan Security Keys, free of charge. Google also stated that using an NFC or USB Titan Security Key was more secure, as those keys require close physical proximity (less than an inch or a direct connection, respectively) to work.

Source(s)

Google Security Blog

TikTok for iOS is monitoring user input (Source: Cybernews)

TikTok is monitoring all keyboard inputs and taps on iOS 08/20/2022

Android 2.3.7 Gingerbread was released in September 2011 (Source: Techzim)

Google will drop devices still on Android 2.3.7 and earlier in September 08/02/2021

The exploit is introduced via a seemingly harmless blank email. (Image Source: zecOps)

Apple's iPhone and iPad devices have been plagued by serious vulnerabilities since 2018, security analyst reports 04/23/2020

The iPhone X can be cracked by Cellebrite's tool. (Source: Business Insider)

Cybersecurity experts: Android phones may now be more secure than iPhones 01/31/2020

The illegal streaming websites iStreamItAll and Jetflicks have been shut down by the FBI and DoJ. (Image: iStreamItAll splash page)

FBI shuts down 2 illegal streaming sites, one of which is bigger than Netflix, Amazon Prime, and Hulu combined 12/16/2019

If any of these app icons are on your iPhone or iPad, uninstall them immediately. (Image via Wandera)

Trojan malware found in 17 apps on Apple App Store 10/25/2019

Hackers attacked NASA's Jet Propulsion Lab via a Raspberry Pi, stole 500 MB of mission data 06/23/2019

The new Reolink E1 Pro. (Source: Reolink)

Reolink releases a new Wi-Fi home security-cam with 355-degree pan and 50-degree tilt for under US$60 06/07/2019

CooTek hid BeiTaAd within over 200 apps on Google Play Store like TouchPal

BeiTaAd adware found in over 200 Android apps on the Google Play Store 06/05/2019

Massive data breach may have affected millions of Instagram users, including some major influencers 05/20/2019

The Reolink Go wireless security camera. (Source: Reolink)

The Reolink Go wireless 4G LTE security camera is now available worldwide 05/18/2019

New ZombieLoad attack can exploit all Intel chips dating back to 2011 05/14/2019

Microsoft has developed ElectionGuard in an attempt to make democratic processes more secure. (Source: In.gov)

Microsoft announces new solution to safeguard electronic voting systems 05/09/2019

Linux kernel 5.1 update now live (Source: OMG! Ubuntu!)

The Linux kernel update 5.1 comes with live patching, multiple performance and security improvements 05/07/2019

Morpheus can randomize parts of its code 20 times per second, making it virtually impervious even to the most advanced electronic hacking tools. (Source: New Atlas)

Unhackable Morpheus CPU architecture announced by University of Michigan 05/07/2019

Dell has really dropped the ball here. (Image source: Dell)

Dell laptops confirmed to be affected by serious SupportAssist security flaw 05/03/2019

Vade Secure's Phisher's Favorites rankings for 1Q2019. (Source: Vade Secure)

Phishing on social media sites increased by nearly 75% in the 1st quarter of 2019 05/02/2019

The OnePlus 5 and 5T have a new official update. (Source: YouTube)

Latest stable update for OnePlus 5/5T brings April security patch, fixes some things 04/27/2019

Android Q's Scoped Storage feature delayed until Android R in 2020 04/27/2019

Six Android apps on Google's Play Store found to secretively harvest data from users 04/27/2019

Hero to villain: Security researcher responsible for stopping WannaCry pleads guilty to malicious hacking charges 04/23/2019

HP introduces Sure Sense anti-virus software powered by deep learning (Source: HP)

HP introduces Sure Sense anti-virus software powered by deep learning 04/16/2019

Peel Smart Remote app has been secretly uploading user camera pictures to an unknown server (Image source: Peel Technologies)

Peel Smart Remote app has been secretly uploading user camera pictures to an unknown server 04/09/2019

Razer is now working on a fix for the affected models released prior to 2016. (Source: Razer)

Razer's laptops confirmed to be affected by critical vulnerability 04/09/2019

Loading Comments

Comment on this article

The OnePlus 6 and 6T will get Zen M...

TinyPICO: The mighty ESP32 developm...

Sam Medley - Senior Tech Writer - 1344 articles published on Notebookcheck since 2016

I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 05 > Security flaw found in Google's Titan Security Keys

Sam Medley, 2019-05-17 (Update: 2019-05-17)

Security flaw found in Google's Titan Security Keys

Source(s)

Related Articles