What you need to know
- This only affects the Bluetooth version of the Titan Key.
- Google is offering a free replacement for every user.
- The key will stop working with the iOS 12.3 update.
- The key will stop working with the June 2019 Security Patch for Android.
Google has issued an advisory for users of the Bluetooth version of its Titan Security Key that says they all need to be replaced due to a misconfiguration in the pairing protocol. Users of the affected keys have received an email with full details, but if you're unsure, the affected keys are marked T1 or T2 on the rear.
This flaw can enable an attacker who is within 30 feet of you while you're using the key to communicate with it or with the device it is paired to. As scary as that sounds, there is a very limited potential for abuse because for it to happen:
- The attacker already knows your username and password, and when you first pair the device they could connect after you press the pairing button, but before your device connects.
- After pairing, the attacker could masquerade as your key at the exact time you are using it to authenticate, then configure his or her device as a Bluetooth keyboard or mouse and have access to your phone.
Regardless, a flaw is a flaw, and when it comes to something like a two-factor authentication key, a prompt fix and replacement are in order. That's what Google is doing. If you use an iOS device with your key, it will stop working once you update to version 12.3. If you use an Android device with your key, it will stop working with the June 2019 Security Patch. That's plenty of time to get a free replacement, which you can do by visiting google.com/replacemykey.
In the meantime, Google has some suggestions for those who use the affected Bluetooth keys. First of all, do not disable two-factor authentication. Your backup method of authenticating will still work as it always did, and NFC/USB keys are not affected in any way. Always use the key in a private place where nobody is within 30 feet of you, and once you've signed into your device with it, unpair it through the device settings. If you need to use it again, re-pair it and unpair it when you're finished.
While the scenarios where an attacker could get access via this flaw are very specific, security is paramount. These keys need to be replaced right away, and it's great to see Google eating the loss instead of trying to work around it. If you use a Titan BLE key, be sure to get your free replacement and follow the safe practices outlined above in the meantime. Stay safe out there.
Made by Google
In a perfect world, we wouldn't need to care about security, but in this world we do. The Titan key makes it easier to go the extra mile that 2FA brings for everyone with a smartphone.