Google released a security advisory on Monday that States a security bug exists at the Organization’s Bluetooth Titan Security Key.
The flaw could potentially enable a person to get access to a user’s account or device whilst staying in close physical proximity. The technology giant claims this is a result of a’misconfiguration’ from the keys’ Bluetooth pairing protocols, but the keys are still great at protecting users from phishing attacks.
Google will offer a free replacement key to all current users. The issue is restricted to the Titan Bluetooth keys which means if you’re using the Titan USB keys, then you shouldn’t worry about. To remember, Google’s Titan Security Keys for two-factor authentication was established in August this past year.
The company further clarified in its security advisory that an attacker will need to be within Bluetooth range (approximately 30 ft ) to exploit the security defect. The attacker may only make use of this misconfigured protocol if a person presses the button on the Titan Bluetooth key to trigger it. This way they’ll have the ability to connect their device to the key before yours.
Since an individual’s security key must be paired using their device before it may be used, an attacker could also exploit it by using their device and masking it as your safety key.
Google asserts its Titan Bluetooth keys still protect users against phishing attacks and that users can still use them until the company ships a free replacement. In its statement, Google maintains physical safety keys still supply the strongest protection against malware. Users with’T1′ or’T2′ on their Google Titan Key are qualified for a replacement.
The company which makes Google’s Titan Security Key, Feitian, has also issued a comparable announcement , disclosing the vulnerability as well as offering a free substitute for its users. The company also sells physical security keys under its own brand.
The vulnerability does not affect the current feature on Android phones which may be used as a physical security secret, besides Titan USB keys.