Google's Bluetooth Titan Security Keys Have a Vulnerability, Free Replacement Offered

The security flaw doesn't affect Titan USB keys.

By Harpreet Singh | Updated: 16 May 2019 14:51 IST

Google's Bluetooth Titan Security Keys Have a Vulnerability, Free Replacement Offered

Photo Credit: Google

Google Titan keys with 'T1' or 'T2' will be replaced for free

Highlights

Google will offer a free replacement to all existing users
The security flaw affects only Bluetooth Titan security keys
An attacker must be in close physical proximity to exploit the flaw

Google released a security advisory on Monday that says a security bug exists in the company's Bluetooth Titan Security Key. The flaw could potentially enable someone to gain access to a user's account or device while remaining in close physical proximity. The tech giant claims this is a result of a 'misconfiguration' in the keys' Bluetooth pairing protocols, however, the keys are still great at protecting users against phishing attacks.

Google will offer a free replacement key to all existing users. The issue is limited to the Titan Bluetooth keys which means if you're using the Titan USB keys, you shouldn't be worried. Google sells its Titan Bluetooth keys for $50 (roughly Rs. 3,500). To recall, Google's Titan Security Keys for two-factor authentication had been launched in August last year.

The company further explained in its security advisory that an attacker will need to be within Bluetooth range (around 30 feet) to exploit the security flaw. The attacker can only make use of the misconfigured protocol when a user presses the button on the Titan Bluetooth key to activate it. This way they'll be able to connect their device to the key before yours.

Since a user's security key must be paired with their device before it can be used, an attacker could also exploit this by using their device and masking it as your security key. But for all this to be exploited, the attacker must also know your credentials.

Google maintains that its Titan Bluetooth keys still protect users against phishing attacks and that users can still use them until the company ships a free replacement. In its announcement, Google claims physical security keys still offer the strongest protection against phishing. Users with 'T1' or 'T2' on their Google Titan Key are eligible for a replacement.

The company which makes Google's Titan Security Key, Feitian, has also issued a similar statement, disclosing the vulnerability as well as offering a free replacement for its users. The company also sells physical security keys under its own brand.

The vulnerability doesn't affect the recent feature on Android phones that can be used as a physical security key, apart from Titan USB keys.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google, Google Titan, Titan Security Key

Harpreet Singh

Email Harpreet

Harpreet is the community manager at Gadgets 360. He loves all things tech, and can be found hunting for good deals when he is not shopping online. He has written about deals and e-commerce in India for many years, as well as covering social media and breaking technology news. More