Google recalls all Titan Security Key hardware keys due to vulnerability


Google is offering a replacement to all users of the Bluetooth version of its Titan Security Key, as it has identified a vulnerability that cannot be repaired. The vulnerability allows an attacker to pair the key with their own hardware.

The vulnerability is in the software that handles the Bluetooth pairing of the Titan, says Google. At the moment users press the button to pair, an attacker within Bluetooth range of the key can pair it with their own hardware. If that attacker also has the user’s username and password, they can log in.

Also, an attacker can impersonate a Titan Security Key and pair with the user’s device, after which it can act as a Bluetooth keyboard and perform actions on the device. The vulnerability crept in due to a ‘misconfiguration’ of the pairing protocol. Hardware key users can go to a Google site to request a replacement.

That replacement is needed because the hardware key no longer works on iOS 12.3 and will be disabled on Android with the upcoming June patch. As a result, users would otherwise no longer be able to access their account. It is unknown how many units of the Titan Security Key are in circulation. Google has been selling the keys, which are based on the FIDO standard, since the summer of last year.
