Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
135421 THEVERGE 2019-5-15:
Google is replacing Bluetooth Titan Security Keys because of a vulnerability
1.000 Find similar Compare side-by-side
135366 TECHCRUNCH 2019-5-15:
Google discloses security bug in its Bluetooth Titan Security Keys, offers free replacement
0.993 0.798 Find similar Compare side-by-side
135313 ENGADGET 2019-5-15:
Google recalls some Titan security keys after finding Bluetooth vulnerability
0.990 0.788 Find similar Compare side-by-side
135460 VENTUREBEAT 2019-5-15:
Google uncovers Bluetooth vulnerability in Titan Security Key
0.983 0.781 Find similar Compare side-by-side
135610 THENEXTWEB 2019-5-16:
Google’s Titan Security Keys can be hijacked remotely, replace yours now
0.971 0.736 Find similar Compare side-by-side
135388 ARSTECHNICA 2019-5-15:
Google warns Bluetooth Titan security keys can be hijacked by nearby hackers
0.981 0.673 Find similar Compare side-by-side
135818 ENGADGET 2019-5-18:
Google stats show how much a recovery number prevents phishing
0.496 Find similar Compare side-by-side
135163 THENEXTWEB 2019-5-14:
No, end-to-end encryption isn’t a marketing gimmick
0.414 Find similar Compare side-by-side
135225 THENEXTWEB 2019-5-14:
The WhatsApp hack proves security should trump consumer choice
0.358 Find similar Compare side-by-side
135199 THENEXTWEB 2019-5-14:
PSA: Update WhatsApp now to prevent spyware from being installed on your phone
0.357 Find similar Compare side-by-side
135522 TECHREPUBLIC 2019-5-16:
MDS vulnerabilities lead Chrome OS 74 to disable hyper-threading
0.351 Find similar Compare side-by-side
135118 THEVERGE 2019-5-14:
ZombieLoad attack lets hackers steal data from Intel chips
0.345 Find similar Compare side-by-side
135152 THENEXTWEB 2019-5-14:
BitDefender researchers discover terrifying security vulnerability in Intel CPUs
0.343 Find similar Compare side-by-side
135737 THEVERGE 2019-5-17:
Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t
0.342 Find similar Compare side-by-side
134964 TECHCRUNCH 2019-5-13:
WhatsApp exploit let attackers install government-grade spyware on phones
0.339 Find similar Compare side-by-side
135584 TECHCRUNCH 2019-5-16:
Openfinance opens up US trading of third-party digital assets
0.336 Find similar Compare side-by-side
135177 TECHCRUNCH 2019-5-14:
Google makes travel planning easier
0.330 Find similar Compare side-by-side
135084 ARSTECHNICA 2019-5-14:
Microsoft warns wormable Windows bug could lead to another WannaCry
0.320 Find similar Compare side-by-side
135416 THENEXTWEB 2019-5-15:
Get ready to see more shopping ads on Google Search, Images and YouTube
0.318 Find similar Compare side-by-side
135597 THEVERGE 2019-5-16:
Google is launching YouTube on the Oculus Quest
0.309 Find similar Compare side-by-side
135295 TECHCRUNCH 2019-5-14:
Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws
0.307 Find similar Compare side-by-side
135205 TECHCRUNCH 2019-5-14:
You probably weren’t a target of the WhatsApp surveillance hack
0.306 Find similar Compare side-by-side
135618 THEVERGE 2019-5-16:
Android’s Live Transcribe will let you save transcriptions and show ‘sound events’
0.305 Find similar Compare side-by-side
135239 THEVERGE 2019-5-14:
Google agrees to pay owners of faulty Pixel phones up to $500
0.297 Find similar Compare side-by-side
135209 THEVERGE 2019-5-14:
Facebook reenables ‘View as Public’ feature following 2018 security issue
0.293 Find similar Compare side-by-side

1

ID: 135421

URL: https://www.theverge.com/2019/5/15/18625028/google-titan-security-keys-bluetooth-vulnerability-replacement-free

Date: 2019-05-15

Google is replacing Bluetooth Titan Security Keys because of a vulnerability

Google has issued a security advisory for its Bluetooth Titan Security Keys that is serious enough for it to replace them for free. The company says that there is a misconfiguration in the Titan Security Keys Bluetooth pairing protocols that could potentially allow an attacker to get access to your account or device — though only in a couple of specific (and specifically difficult to pull off) circumstances. The company tells us that the news today is a coordinated disclosure — which means in part that the companies that make affected products are disclosing the issue at the same time. Feitian, which is the company that makes Googles Titan Key but also sells keys under its own brand, disclosed the same vulnerability today and is offering a replacement program for its users. Microsoft originally discovered the vulnerability and disclosed it to the companies that make the affected products, Google says. Google has been leading the charge for two-factor authentication (2FA) for a long time now. In particular it has been pushing its Titan Security Keys as a more secure way to enable 2FA than simply an authentication app (or, even worse, SMS). Google is not wrong about that, but given that its meant to provide a higher level of security, theres going to be a higher level of scrutiny on any potential security vulnerabilities. Related There are two vulnerabilities that Google is disclosing. First, if an attacker is within the 30-foot Bluetooth Low Energy range of your key when you press the button to authenticate a login, they could connect their device to your security key. If they have your password, they could gain access to your account. The second possible case is that when you pair a key for the first time, an attacker could masquerade as your affected security key and connect to your device, and then do the same things on your device that other Bluetooth devices can do, like act as a keyboard or mouse. So: the attacker will need to be aware of this vulnerability, have software able to exploit it, and will need to execute their attack at precisely the right moment. Its a series of unlikely events, but again physical security keys like the Titan need to meet a higher standard in order to maintain peoples trust. As TechCrunch points out, Yubicos founder criticized Google for launching a BLE key because she believed it wouldnt be as secure as either USB or NFC. Googles disclosure about the Titan Security Key Bluetooth vulnerability does not affect the recently launched ability to use your Android phone as a physical security key. That method doesnt rely on Bluetooth pairing in the same way that the Titan and Feitian keys do. If you have a T1 or T2 on your Titan Key, youre eligible for a replacement. It might seem obvious, but these FIDO keys are designed to not be software upgradeable as a security measure. While you wait for it to arrive, Google is recommending that you continue to use your security key. It still is likely to be more secure than other 2FA methods — and absolutely more secure than not using 2FA at all.