Skip to main content
  1. Home
  2. Computing
  3. News

Google recalls Titan Security Key due to hijack risk

By

Google has offered free replacements to owners of the Bluetooth Low Energy version of the Titan Security Key, after a vulnerability was discovered in the device.

Google introduced the Titan Security Key at its Cloud Next ’18 convention as a physical USB device that eliminated the need to input usernames and passwords. The security key is easy to set up, taking only a few minutes to provide better protection against phishing attacks compared to other two-step authentication methods.

Recommended Videos

The technology was developed by Google and Yubico, which also helped build a security key with a Bluetooth Low Energy component. Yubico, however, decided not to release such a product because it did not meet the company’s standards for “security, usability, and durability,” and that it was not as secure as NFC and USB.

Related

Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired.

The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. In addition, the process of taking advantage of the misconfiguration is difficult. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device.

Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so.

The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The free replacement may be requested through Google’s dedicated website for the recall.

Editors’ Recommendations

Topics
Aaron Mamiit
Aaron Mamiit
Contributor
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
Google is making Android devices work better together with expanded Fast Pairing
google fast pairing android features multi device experiences

Google is moving boldly into 2022 with new features designed to bring all the devices in your life into harmony around your Android smartphone of choice. The company made number of announcements at CES 2022 to help make your devices and accounts work more seamlessly.
Fast Pair everything
Android’s Fast Pair technology already helps you get up and running with Bluetooth accessories like headphones and speakers, but now Google is expanding it beyond audio connectivity to add a whole collection of new devices.

This means that in the coming months you’ll be able to use Fast Pair to quickly link up your headphones with your Chromebook, Google TV, or other Android TV OS device, add Matter-enabled Smart Home devices to your network, and even automatically switch your Bluetooth headphone audio based on the device you’re listening to.

Read more
Google adds a private locked photos folder to iPhones for ‘personal’ photos
Google Photos logo.

Google Photos will soon let iPhone and Android users save their photos behind a biometrically protected locked folder as Google pushes for greater privacy features on mobile. It's a nice way to get some peace of mind and keep sensitive personal photos off the cloud.

Locked Folder is a feature Google introduced for Pixels earlier this year that lets them hide sensitive photos out of view. If a photo is hidden away behind a "locked folder," it won't show up. It's a lot like the hidden album feature on iOS, iPadOS, and macOS, but with the benefit of password or biometric protection.  Images in the locked folder also aren't synced to Google Photos, but restricted to the device used. Locked Folder will come to iPhones early next year, while non-Pixel Android users will have it sometime "soon."

Read more
5 easy ways to dramatically increase security in Google Chrome
A MacBook with Google Chrome loaded.

If you're one of many people who use Chrome as your default web browser, then you might want to take some steps to ensure that it's extra secure. This can help you in a world where hackers are always after passwords and can easily spoof websites to look like the real thing.

Well, Google has a lot of tools built right into Chrome that can help with that protection. From Safe Browsing to encrypting passwords and more, we got you covered with five easy ways to dramatically increase security in Google Chrome.
Change your Safe Browsing settings

Read more