Google's Bluetooth Titan Security Keys Have a Vulnerability, Free Replacement Offered

Google released a security advisory on Monday that States a security bug exists in the company’s Bluetooth Titan Security Key.

The flaw could potentially enable a person to get access to a user’s accounts or apparatus while staying in close physical proximity. The technology giant claims that this is due to a’misconfiguration’ from the keys’ Bluetooth pairing protocols, but the keys are still good at protecting users from phishing attacks.

Google will offer a free replacement crucial to all existing users. The matter is restricted to the Titan Bluetooth keys that means if you’re using the Titan USB keys, you should not worry about. To recall, Google’s Titan Security Keys to get two-factor authentication was established in August this past year.

The business further clarified in its own security advisory that an attacker will want to be within Bluetooth range (around 30 feet) to exploit the security defect. The attacker may simply make use of this misconfigured protocol if a person presses the button on the Titan Bluetooth key to trigger it. This way they’ll be able to link their device to the key before yours.

Since a user’s security key has to be paired with their apparatus before it may be properly used, an attacker may also exploit it by using their device and masking it as your security key.

Google maintains its Titan Bluetooth keys still protect users from phishing attacks and that consumers may still use them until the company ships a free replacement. In its statement, Google claims physical safety keys still supply the strongest protection against malware. Users with’T1′ or’T2′ on their Google Titan Key are qualified for a replacement.

The company which makes Google’s Titan Security Key, Feitian, has also issued a similar statement, disclosing the vulnerability as well as offering a free substitute for its users. The business also sells physical security keys under its own brand.

The vulnerability does not impact the recent feature on Android mobiles that may be used as a physical safety secret, apart from Titan USB keys.