Yubico, Google's competitor in the security key space, criticized Google for launching a Bluetooth-enabled security key. The large number of security flaws found in Bluetooth-enabled devices in recent years has raised questions of whether the technology is safe. Google has more specific instructions for iOS and Android devices, which you can read here.
Just take extra precautions, such as using your security key away from other people and immediately unpairing it after you sign-in to your Google account. Google warns that even a key with a security bug is safer than using no key at all. If your Titan Security Key has a "T1" or "T2" on the back of it, it means it has the security bug and is eligible for a replacement from Google.īut even if your Titan Security Key has the bug, don't stop using it while waiting for a replacement.
Only the Bluetooth Low Energy (BLE) model is impacted. Not all Titan Security Keys have the bug, which Google says is due to a misconfiguration in the key's Bluetooth pairing protocols.
In this scenario, the attacker could then use their device to act as your security key and access your device. The attacker would have to be within 30 feet of you during the moment you press the button on your Titan Key to activate it, and also know your username and password. No need to panic - the bug only seems to apply to a very narrow set of circumstances, according to a blog post published by Google on Wednesday. Google is recalling its Bluetooth Titan security keys due to a vulnerability that could allow attackers to connect to your device.
0 kommentar(er)
