Security flaw found in Google's Titan Security Keys

Affected Titan Security Keys have a printed "T1" or "T2" at the bottom (image: Google).
Affected Titan Security Keys have a printed "T1" or "T2" at the bottom (image: Google).
A flaw discovered in Google's Bluetooth Low Energy Titan Security Keys leaves a hole open for potential attackers. Under certain circumstances and with proper timing, an attacker could potentially hijack the Bluetooth pairing process used by the Titan to log into a user's account. Google has offered to replace affected Titan Security Keys free of charge.
Sam Medley,

Google’s Titan Security Keys offer a convenient and secure method for securing devices that relies on two-factor authentication and some advanced Google-grown cryptography. However, Google announced yesterday that a major flaw in the Bluetooth Low Energy version of the Titan Security Key opens the small devices (and those using them) to attack.

According to Google, a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” allowed an attacker with about 30 feet the ability to communicate with both the security key and the device with which the key was pairing at the moment the key was activated. When the security key is used to log into an account, an attacker could use their own device to connect to the user’s computer and log into the account.

That said, the attacker would need to time the hack precisely and would likely need a user’s account username and password. Since the Titan Security Key’s main purpose is to prevent phishing attacks, Google has stated that even using an affected key is safer than no key at all.

Still, Google understands the potential security risks caused by the flaw and has offered to replace any T1 or T2 Bluetooth Low Energy Titan Security Keys, free of charge. Google also stated that using an NFC or USB Titan Security Key was more secure, as those keys require close physical proximity (less than an inch or a direct connection, respectively) to work.

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 05 > Security flaw found in Google's Titan Security Keys
Sam Medley, 2019-05-17 (Update: 2019-05-17)
Sam Medley
Sam Medley - Review Editor - @samuel_medley
I've been a "tech-head" my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a Systems Analyst for my local school district. I started working with Notebookcheck in October of 2016 and have enjoyed writing news articles and notebook reviews. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not hunched over an electronic device or writing code for a new database, I'm either outside with my family, playing a decade-old video game, or sitting behind a drum set.