Titan keys have been called back by Google

[LukeSavenije]

Source: Tweakers (Dutch)

 

Google offers all users of the bluetooth version of its Titan Security Key a replacement, because it has found a vulnerability that cannot be repaired. Due to the vulnerability, an attacker could connect the USB device with its own hardware.

 

Quote

Titan Security Key The vulnerability is in the software that takes care of the Bluetooth pairing of the Titan, says Google. The moment users press the button to pair, an attacker who is within the Bluetooth range of the USB device can pair it with their own hardware. If that attacker also has the user's username and password, he can log in.

An attacker can also act as a Titan Security Key and pair with the user's device, after which he can report as a Bluetooth keyboard and do things on the device. The vulnerability has crept in because of a 'misconfiguration' of the pairing protocol. Users of the hardware key can go to a Google site to request a replacement copy.

That replacement copy is needed, because the hardware key no longer works on iOS 12.3 and will be disabled on Android with the coming patch in June. As a result, users can no longer enter their account. It is unknown how many copies of the Titan Security Key are in circulation. Google has been selling the keys based on the FIDO standard since the summer of last year.

 

[LukeSavenije]

2 minutes ago, ReggieGRS said:

You trying to get on techlinked again?

or wan

 

whichever they prefer

[RobFRaschke]

21 minutes ago, LukeSavenije said:

or wan

 

whichever they prefer

This is a pretty big story actually, might make both.

[LukeSavenije]

Just now, RobFRaschke said:

This is a pretty big story actually, might make both.

who knows... this is actually one of the two big leaks i found today...

 

it's a shockingly vulnerable world, tech

[RobFRaschke]

2 minutes ago, LukeSavenije said:

who knows... this is actually one of the two big leaks i found today...

 

it's a shockingly vulnerable world, tech

Only if you're on the internets or leave the house...

[LukeSavenije]

Just now, ReggieGRS said:

Maybe they'll mention you by name

Would be tun to watch them pronounce it

you know... i'll help them

 

@LinusTech it's Luke Sa-vi-nehe

[Mihle]

If I was an engineer, I would never have used Bluetooth for something that had to do with security...

[LukeSavenije]

11 minutes ago, Mihle said:

If I was an engineer, I would never have used Bluetooth for something that had to do with security...

what then? usb?

[Guest]

3 hours ago, ReggieGRS said:

You trying to get on techlinked again?

HUGE SECURITY FLAW RECALL BY GOOGLE - WORLD ENDING? 

[Fnige]

3 hours ago, LukeSavenije said:

you know... i'll help them

 

@LinusTech it's Luke Sa-vi-nehe

Just watch them say it wrong on purpose

[FezBoy]

7 hours ago, LukeSavenije said:

what then? usb?

NFC or USB.  Never Bluetooth. 

[Fnige]

16 hours ago, VegetableStu said:

Luke Sandwitch

Luke Seven-je