Google’s super secure Titan Security keys have a major security issue, imagine that
A security vulnerability was found in the T1 and T2 versions.
If you own Google Bluetooth Titan Security Key, you might want to head on over to Replace My Key and see if your device is part of a replacement program. That’s because of a security bug in the device that Google disclosed yesterday. This affects all Bluetooth models of the security key marked with a T1 or T2 on the back.
The keys were sold for $50 as part of a two-pack, with a standard USB/NFC key inside the same package. Google also gave them out free to journalists and other targets of online attacks to protect themselves.
The bug in the Bluetooth versions of the Titan Security Keys is a “misconfiguration in the Bluetooth pairing protocols”
That could mean an attacker taking over your device, although they’d need the stars to align to pull it off.
For the exploit to happen, an attacker would need:
- Your login name and password
- To be within 30 feet of you
- Pair to your device as soon as you press the button on the Titan Key
As you can see, that’s not going to happen unless it’s a very determined attacker, so the chances of it happening are slim. Still, Google is taking the proactive route and offering free replacements for anyone who has one of the affected Titan Security Keys. Check if your key has a T1 or T2 on the back, and then go to the site Google set up to get a replacement.
In the blog post announcing the bug, Google makes the case that it doesn’t affect the main reason to have a security key – namely phishing protection. The company says to keep on using the key until the replacement arrives, as “it is much safer to use the affected key than no key at all.”
Phew, I thought I was going to have to replace yet another Google device but mine is a version 3.
- The current antitrust case against Apple might change the face of tech forever
- Facebook says to follow its livestream rules or be banned, this is your only warning
- San Francisco becomes the first city in the U.S to ban facial recognition
- Uber is finally giving you an option to tell your driver to shut the hell up
- After delays, Steam Link finally makes its way to iOS