Flaw found in Bluetooth Titan Security Keys, Google is replacing them

การสนทนาใน 'News Mobile Phone' เริ่มโดย News, 16 พฤษภาคม 2019 at 03:23

By News on 16 พฤษภาคม 2019 at 03:23
  1. News

    News Moderator ทีมงานสมาชิก

    Keep using your key for now, but grab the free replacement just in case.

    You must be registered for see links

    What you need to know

    • This only affects the Bluetooth version of the Titan Key.
    • Google is offering a free replacement for every user.
    • The key will stop working with the iOS 12.3 update.
    • The key will stop working with the June 2019 Security Patch for Android.

    Google has You must be registered for see links for users of the Bluetooth version of its You must be registered for see links that says they all need to be replaced due to a misconfiguration in the pairing protocol. Users of the affected keys have received an email with full details, but if you're unsure the affected keys are marked at T1 or T2 on the rear.

    This flaw can enable an attacker who is within 30 feet of you while you're using the key to communicate with it or with the device it is paired to. As scary as that sounds, there is a very limited potential for abuse because for it to happen:

    • The attacker already knows your username and password, and when you first pair the device they could connect after you press the pairing button, but before your device connects.
    • After pairing, the attacker could masquerade as your key at the exact time you are using it to authenticate, then configure his or her device as a Bluetooth keyboard or mouse and have access to your phone.

    You must be registered for see links

    Regardless, a flaw is a flaw and when it comes to something like a two-factor authentication key, a prompt fix and replacement are in order. That's what Google is doing. If you use an iOS device with your key, it will stop working once you update to version 12.3. if you use an Android device with your key, it will stop working with the June 2019 Security Patch. That's plenty of time to get a free replacement, which you can do by visiting You must be registered for see links.

    In the meantime, Google has some suggestions for you. First of all, do not disable two-factor-authentication. Your backup method of authenticating will still work as it always did and NFC/USB keys are not affected in any way. Google has a few suggestions for those who use the affected Bluetooth keys. Always use it in a private place where nobody is within 30 feet of you, and once you've signed into your device with it, unpair it through the device settings. If you need to use it again, repair it and unpair when you're finished.

    You must be registered for see links


    While the scenarios where an attacker could get access via this flaw are very specific, security is paramount. these keys need to be replaced right away, and it's great to see Google eating the loss instead of trying to work around it. If you use a Titan BLE key, be sure to get your free replacement and follow the safe practices outlined above in the meantime. Stay safe out there.

    2FA Security

    Titan Security Key Bundle


    You must be registered for see links

    You must be registered for see links

    Made by Google

    In a perfect world, we wouldn't need to care about security, but in this world we do. The Titan key makes it easier to go the extra mile that 2FA brings for everyone with a smartphone.

    You must be registered for see links
     

ความคิดเห็น

การสนทนาใน 'News Mobile Phone' เริ่มโดย News, 16 พฤษภาคม 2019 at 03:23

แบ่งปันหน้านี้