Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
135388 ARSTECHNICA 2019-5-15:
Google warns Bluetooth Titan security keys can be hijacked by nearby hackers
1.000 Find similar Compare side-by-side
135610 THENEXTWEB 2019-5-16:
Google’s Titan Security Keys can be hijacked remotely, replace yours now
0.936 0.721 Find similar Compare side-by-side
135460 VENTUREBEAT 2019-5-15:
Google uncovers Bluetooth vulnerability in Titan Security Key
0.983 0.689 Find similar Compare side-by-side
135366 TECHCRUNCH 2019-5-15:
Google discloses security bug in its Bluetooth Titan Security Keys, offers free replacement
0.984 0.688 Find similar Compare side-by-side
135421 THEVERGE 2019-5-15:
Google is replacing Bluetooth Titan Security Keys because of a vulnerability
0.981 0.664 Find similar Compare side-by-side
135313 ENGADGET 2019-5-15:
Google recalls some Titan security keys after finding Bluetooth vulnerability
0.988 0.629 Find similar Compare side-by-side
135818 ENGADGET 2019-5-18:
Google stats show how much a recovery number prevents phishing
0.498 Find similar Compare side-by-side
135163 THENEXTWEB 2019-5-14:
No, end-to-end encryption isn’t a marketing gimmick
0.380 Find similar Compare side-by-side
135295 TECHCRUNCH 2019-5-14:
Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws
0.322 Find similar Compare side-by-side
135522 TECHREPUBLIC 2019-5-16:
MDS vulnerabilities lead Chrome OS 74 to disable hyper-threading
0.318 Find similar Compare side-by-side
135209 THEVERGE 2019-5-14:
Facebook reenables ‘View as Public’ feature following 2018 security issue
0.316 Find similar Compare side-by-side
135225 THENEXTWEB 2019-5-14:
The WhatsApp hack proves security should trump consumer choice
0.307 Find similar Compare side-by-side
135737 THEVERGE 2019-5-17:
Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t
0.294 Find similar Compare side-by-side
135622 VENTUREBEAT 2019-5-16:
ProtonMail brings anti-phishing ‘link confirmation’ to emails, fingerprint unlocking to Android
0.291 Find similar Compare side-by-side
135199 THENEXTWEB 2019-5-14:
PSA: Update WhatsApp now to prevent spyware from being installed on your phone
0.288 Find similar Compare side-by-side
135584 TECHCRUNCH 2019-5-16:
Openfinance opens up US trading of third-party digital assets
0.282 Find similar Compare side-by-side
135673 ARSTECHNICA 2019-5-17:
Guidemaster: Ars picks the best wireless keyboards you can buy in 2019
0.281 Find similar Compare side-by-side
134964 TECHCRUNCH 2019-5-13:
WhatsApp exploit let attackers install government-grade spyware on phones
0.268 Find similar Compare side-by-side
135613 VENTUREBEAT 2019-5-16:
Openfinance To Become First Digital Security Platform To Allow U.S. Investors to Trade Third-Party Digital Assets on Secondary Market
0.265 Find similar Compare side-by-side
135365 VENTUREBEAT 2019-5-14:
Google Cloud partners with Stella McCartney to pilot supply chain tracking tools
0.262 Find similar Compare side-by-side
135379 TECHREPUBLIC 2019-5-15:
How to create a secure website: 4 tips
0.252 Find similar Compare side-by-side
135704 TECHCRUNCH 2019-5-17:
Powerbeats Pro are the Bluetooth earbuds to beat
0.251 Find similar Compare side-by-side
135811 ARSTECHNICA 2019-5-18:
>20,000 Linksys routers leak historic record of every device ever connected
0.250 Find similar Compare side-by-side
135010 THENEXTWEB 2019-5-13:
Google forces Nest users to use Google accounts, raising privacy concerns
0.249 Find similar Compare side-by-side
135338 TECHREPUBLIC 2019-5-15:
Why MDS vulnerabilities present a threat as serious as Spectre and Meltdown
0.248 Find similar Compare side-by-side

1

ID: 135388

URL: https://arstechnica.com/information-technology/2019/05/google-warns-bluetooth-titan-security-keys-can-be-hijacked-by-nearby-hackers/

Date: 2019-05-15

Google warns Bluetooth Titan security keys can be hijacked by nearby hackers

Attackers can connect their own device to Bluetooth-enabled keys used for 2fa. Google is warning that the Bluetooth Low Energy version of the Titan security key it sells for two-factor authentication can be hijacked by nearby attackers, and the company is advising users to get a free replacement device that fixes the vulnerability. A misconfiguration in the keys Bluetooth pairing protocols makes it possible for attackers within 30 feet to either communicate with the key or with the device its paired with, Google Cloud Product Manager Christiaan Brand wrote in a post published on Wednesday. The attack described by Brand involves hijacking the pairing process when an attacker within 30 feet carries out a series of events in close coordination: For the account takeover to succeed, the attacker would also have to know the targets username and password. To tell if a Titan key is vulnerable, check the back of the device. If it has a T1 or T2, its susceptible to the attack and is eligible for a free replacement. Brand said that security keys continued to represent one of the most meaningful ways to protect accounts and advised that people continue to use the keys while waiting for a new one. Titan security keys sell for $50 in the Google Store. While people wait for a replacement, Brand recommended that users use keys in a private place thats not within 30 feet of a potential attacker. After signing in, users should immediately unpair the security key. An Android update scheduled for next month will automatically unpair Bluetooth security keys so users wont have to do it manually. Brand said that iOS 12.3, which Apple started rolling out on Monday, wont work with vulnerable security keys. This has the unfortunate result of locking people out of their Google accounts if they sign out. Brand recommended people not sign out of their account. A good safety measure would be to use a backup authenticator app, at least until a new key arrives, or to skip Brands advice and simply use an authenticator app as the primary means of two-factor authentication. This episode is unfortunate since, as Broad notes, physical security keys remain the strongest protection currently available against phishing and other types of account takeovers. Wednesdays disclosure prompted social media pile-ons from critics of Bluetooth for security-sensitive functions. Like, what kind of idiot protocol lets users negotiate a maximum key size that can be as small as 1 byte. (A default that, fortunately, should be higher in recent versions.) The threat of having the key hijacked and the current incompatibility with the latest release of iOS are sure to generate further user resistance to using the BLE-based keys. The threat also helps explain why Apple and alternative key maker Yubico have long refused to support BLE-enabled keys.