Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
135460 VENTUREBEAT 2019-5-15:
Google uncovers Bluetooth vulnerability in Titan Security Key
1.000 Find similar Compare side-by-side
135610 THENEXTWEB 2019-5-16:
Google’s Titan Security Keys can be hijacked remotely, replace yours now
0.881 0.795 Find similar Compare side-by-side
135421 THEVERGE 2019-5-15:
Google is replacing Bluetooth Titan Security Keys because of a vulnerability
0.983 0.773 Find similar Compare side-by-side
135366 TECHCRUNCH 2019-5-15:
Google discloses security bug in its Bluetooth Titan Security Keys, offers free replacement
0.948 0.770 Find similar Compare side-by-side
135313 ENGADGET 2019-5-15:
Google recalls some Titan security keys after finding Bluetooth vulnerability
0.990 0.732 Find similar Compare side-by-side
135388 ARSTECHNICA 2019-5-15:
Google warns Bluetooth Titan security keys can be hijacked by nearby hackers
0.983 0.689 Find similar Compare side-by-side
135818 ENGADGET 2019-5-18:
Google stats show how much a recovery number prevents phishing
0.510 Find similar Compare side-by-side
135295 TECHCRUNCH 2019-5-14:
Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws
0.345 Find similar Compare side-by-side
135522 TECHREPUBLIC 2019-5-16:
MDS vulnerabilities lead Chrome OS 74 to disable hyper-threading
0.333 Find similar Compare side-by-side
135584 TECHCRUNCH 2019-5-16:
Openfinance opens up US trading of third-party digital assets
0.310 Find similar Compare side-by-side
135010 THENEXTWEB 2019-5-13:
Google forces Nest users to use Google accounts, raising privacy concerns
0.300 Find similar Compare side-by-side
135163 THENEXTWEB 2019-5-14:
No, end-to-end encryption isn’t a marketing gimmick
0.299 Find similar Compare side-by-side
135177 TECHCRUNCH 2019-5-14:
Google makes travel planning easier
0.296 Find similar Compare side-by-side
135209 THEVERGE 2019-5-14:
Facebook reenables ‘View as Public’ feature following 2018 security issue
0.291 Find similar Compare side-by-side
135008 TECHCRUNCH 2019-5-13:
Boost Mobile says hackers broke into customer accounts
0.287 Find similar Compare side-by-side
135618 THEVERGE 2019-5-16:
Android’s Live Transcribe will let you save transcriptions and show ‘sound events’
0.287 Find similar Compare side-by-side
135567 THEVERGE 2019-5-16:
Google clarifies Works with Nest shutdown, provides extension on existing connections
0.286 Find similar Compare side-by-side
135213 TECHCRUNCH 2019-5-14:
Amazon rolls out Alexa Guard, to help protect your home while you’re out
0.284 Find similar Compare side-by-side
135239 THEVERGE 2019-5-14:
Google agrees to pay owners of faulty Pixel phones up to $500
0.281 Find similar Compare side-by-side
135613 VENTUREBEAT 2019-5-16:
Openfinance To Become First Digital Security Platform To Allow U.S. Investors to Trade Third-Party Digital Assets on Secondary Market
0.280 Find similar Compare side-by-side
135152 THENEXTWEB 2019-5-14:
BitDefender researchers discover terrifying security vulnerability in Intel CPUs
0.278 Find similar Compare side-by-side
135737 THEVERGE 2019-5-17:
Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t
0.278 Find similar Compare side-by-side
135673 ARSTECHNICA 2019-5-17:
Guidemaster: Ars picks the best wireless keyboards you can buy in 2019
0.276 Find similar Compare side-by-side
135416 THENEXTWEB 2019-5-15:
Get ready to see more shopping ads on Google Search, Images and YouTube
0.273 Find similar Compare side-by-side
135596 ENGADGET 2019-5-16:
Google's how-to videos explain Assistant's accessibility features
0.272 Find similar Compare side-by-side

1

ID: 135460

URL: https://venturebeat.com/2019/05/15/google-uncovers-bluetooth-vulnerability-in-titan-security-key/

Date: 2019-05-15

Google uncovers Bluetooth vulnerability in Titan Security Key

When Google introduced the Titan Security Key at Cloud Next 2018 last August, the Mountain View company pitched the bundled dongles as ironclad protections against data compromise. Ironically, it now appears that at least one of them became an attack enabler rather than a deterrent. Google today detailed a flaw (discovered by Microsoft) in the Bluetooth Low Energy (BLE) version of the Titan Security Key that could allow a nearby person (within about 30 feet) to communicate with the key or with the device to which its paired. Theres a narrow window of opportunity during account sign-in and setup. When youre trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it, explained Google. An attacker … can potentially connect their device to your affected security key before your device connects [and] sign into your account … if [they] obtained your username and password. [Also,] before you can use your security key, it must be paired to your device. Once paired, an attacker … could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. For the uninitiated, the $50 Titan Security Key is Googles take on a FIDO (Fast Identity Online) key, a device used to authenticate logins physically. The company stressed last year that its not meant to compete with other FIDO keys on the market, but is aimed instead at customers who … trust Google. Googles decision to support Bluetooth wasnt without controversy. In a prescient statement following the Titan Security Keys announcement, Yubico CEO Stina Ehrensvard said that it does not provide the security assurance levels of NFC and USB and that its battery and pairing requirements offer a poor user experience. Google notes that the above-mentioned vulnerability doesnt affect the USB or NFC Titan Security Key nor the primary purpose of security keys. Indeed, it recommends using affected keys rather than turning off security key-based two-step verification altogether. It is much safer to use the affected key instead of no key at all, said Google. Security keys are the strongest protection against phishing currently available. Still, its offering free replacement keys through the Google Play Store. (Impacted keys have a T1 or T2 etched into the back.) And in the meantime, Google is recommending that Android and iOS (version 12.2) users activate their affected security keys in private place[s] away from potential attackers and immediately unpair them after sign-in. Android devices updated with the upcoming June 2019 Security Patch Level (SPL) and beyond will automatically unpair affected Bluetooth devices, and affected keys on iOS 12.3 will no longer work. Feitian, the company that manufactures Googles Titan Security Key, says its Bluetooth keys are affected by the same vulnerability, and its extending a similar replacement offer to its customers.