Google Will Replace Titan Security Key Over a Bluetooth Flaw

Forums Startups News (Startup) Google Will Replace Titan Security Key Over a Bluetooth Flaw

Tagged: 

  • This topic has 1 voice and 0 replies.
Viewing 0 reply threads
  • Author
    Posts
    • December 4, 2019 at 3:18 am #37103
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]

        Headings…
        Google Will Replace Titan Security Key Over a Bluetooth Flaw
        Google will replace any Titan BLE branded security key, after disclosing th

        Auto extracted Text……

        As part of its expanded google-safe-browsing-oral-history/?intcid=inline_amp”>anti-phishing and account security measures, Google offers extensive support for physical authentication tokens.
        In a surprising setback, though, the company announced today that it has discovered a vulnerability in the Bluetooth version of its own Titan Security Key—which pairs to devices through the wireless Bluetooth Low Energy protocol, rather than through NFC or physical insertion into a port.
        Anyone can use the dongles with their Google accounts for an extra layer of protection, but they’re especially favored by users at particular risk of having their accounts targeted by attackers, like public figures, human rights activists, and political dissidents.
        Google specifically recommends the BLE dongles for its Advanced Protection Program, which offers even more aggressive account protections.
        The “misconfiguration,” as Google calls it, would allow an attacker who gets within 30 feet of someone using a security key to communicate with that key or with the device the key is paired to.
        If successful, though, an attacker that already had the target’s username and password could then sign into the victim’s Google account on their own device.
        Additionally, once the attacker paired to the target’s Bluetooth key, Google suggests that they could also pull a sort of bait-and-switch as the victim attempts again to connect a device to their Bluetooth dongle.
        With the right timing, they could trick the victim’s laptop, for instance, into pairing with their own Bluetooth dongle rather than the Titan key, thus gaining access to both a user’s Google account and that computer.
        Those possibilities make this a serious enough bug that Google will replace any Titan BLE-branded security key that is linked to a Google account.
        After all, without that extra layer of defense, an attacker who already has the username and password for a victim’s Google account wouldn’t need to do any fancy hacking to gain access

        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019

    • Author
      Posts
    Viewing 0 reply threads
    • You must be logged in to reply to this topic.