Archive for the ‘titan security keys’ Category

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement

May 16th, 2019
A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google's Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a security advisory published Wednesday, Google

Posted in cybersecurity tool, FIDO U2F Security Key, Google Titan Key, Google Titan Security Keys, Online Security, password security, phishing, physical security key, titan security keys, website security | Comments (0)

Google warns Bluetooth Titan security keys can be hijacked by nearby hackers

May 15th, 2019
Google warns Bluetooth Titan security keys can be hijacked by nearby hackers

Enlarge (credit: Google)

Google is warning that the Bluetooth Low Energy version of the Titan security key it sells for two-factor authentication can be hijacked by nearby attackers, and the company is advising users to get a free replacement device that fixes the vulnerability.

A misconfiguration in the key’s Bluetooth pairing protocols makes it possible for attackers within 30 feet to either communicate with the key or with the device it’s paired with, Google Cloud Product Manager Christiaan Brand wrote in a post published on Wednesday.

The Bluetooth-enabled devices are one variety of low-cost security keys that, as Ars reported in 2016, represent the single most effective way to prevent account takeovers for sites that support the protection. In addition to the account password entered by the user, the key provides secondary “cryptographic assertions” that are just about impossible for attackers to guess or phish. Security keys that use USB or Near Field Communication are unaffected.

Read 7 remaining paragraphs | Comments

Posted in 2FA, Biz & IT, Bluetooth Low Energy, google, titan security keys, two-factor authentication | Comments (0)