Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
135460 VENTUREBEAT 2019-5-15:
Google uncovers Bluetooth vulnerability in Titan Security Key
1.000 Find similar Compare side-by-side
135610 THENEXTWEB 2019-5-16:
Google’s Titan Security Keys can be hijacked remotely, replace yours now
0.881 0.809 Find similar Compare side-by-side
135421 THEVERGE 2019-5-15:
Google is replacing Bluetooth Titan Security Keys because of a vulnerability
0.983 0.781 Find similar Compare side-by-side
135366 TECHCRUNCH 2019-5-15:
Google discloses security bug in its Bluetooth Titan Security Keys, offers free replacement
0.948 0.779 Find similar Compare side-by-side
135313 ENGADGET 2019-5-15:
Google recalls some Titan security keys after finding Bluetooth vulnerability
0.990 0.765 Find similar Compare side-by-side
135388 ARSTECHNICA 2019-5-15:
Google warns Bluetooth Titan security keys can be hijacked by nearby hackers
0.983 0.694 Find similar Compare side-by-side
135818 ENGADGET 2019-5-18:
Google stats show how much a recovery number prevents phishing
0.514 Find similar Compare side-by-side
135295 TECHCRUNCH 2019-5-14:
Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws
0.352 Find similar Compare side-by-side
135522 TECHREPUBLIC 2019-5-16:
MDS vulnerabilities lead Chrome OS 74 to disable hyper-threading
0.328 Find similar Compare side-by-side
135010 THENEXTWEB 2019-5-13:
Google forces Nest users to use Google accounts, raising privacy concerns
0.320 Find similar Compare side-by-side
135584 TECHCRUNCH 2019-5-16:
Openfinance opens up US trading of third-party digital assets
0.320 Find similar Compare side-by-side
135567 THEVERGE 2019-5-16:
Google clarifies Works with Nest shutdown, provides extension on existing connections
0.316 Find similar Compare side-by-side
135163 THENEXTWEB 2019-5-14:
No, end-to-end encryption isn’t a marketing gimmick
0.306 Find similar Compare side-by-side
135177 TECHCRUNCH 2019-5-14:
Google makes travel planning easier
0.304 Find similar Compare side-by-side
135773 THENEXTWEB 2019-5-17:
Google isn’t killing off Nest integrations just yet
0.300 Find similar Compare side-by-side
135209 THEVERGE 2019-5-14:
Facebook reenables ‘View as Public’ feature following 2018 security issue
0.299 Find similar Compare side-by-side
135613 VENTUREBEAT 2019-5-16:
Openfinance To Become First Digital Security Platform To Allow U.S. Investors to Trade Third-Party Digital Assets on Secondary Market
0.294 Find similar Compare side-by-side
135239 THEVERGE 2019-5-14:
Google agrees to pay owners of faulty Pixel phones up to $500
0.289 Find similar Compare side-by-side
135213 TECHCRUNCH 2019-5-14:
Amazon rolls out Alexa Guard, to help protect your home while you’re out
0.281 Find similar Compare side-by-side
135737 THEVERGE 2019-5-17:
Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t
0.280 Find similar Compare side-by-side
135038 THEVERGE 2019-5-13:
How to stop Google from keeping your voice recordings
0.279 Find similar Compare side-by-side
134898 TECHCRUNCH 2019-5-12:
Week-in-Review: Google impersonates Apple and Bezos eyes the moon
0.279 Find similar Compare side-by-side
135152 THENEXTWEB 2019-5-14:
BitDefender researchers discover terrifying security vulnerability in Intel CPUs
0.278 Find similar Compare side-by-side
135416 THENEXTWEB 2019-5-15:
Get ready to see more shopping ads on Google Search, Images and YouTube
0.277 Find similar Compare side-by-side
135673 ARSTECHNICA 2019-5-17:
Guidemaster: Ars picks the best wireless keyboards you can buy in 2019
0.276 Find similar Compare side-by-side

1

ID: 135460

URL: https://venturebeat.com/2019/05/15/google-uncovers-bluetooth-vulnerability-in-titan-security-key/

Date: 2019-05-15

Google uncovers Bluetooth vulnerability in Titan Security Key

When Google introduced the Titan Security Key at Cloud Next 2018 last August, the Mountain View company pitched the bundled dongles as ironclad protections against data compromise. Ironically, it now appears that at least one of them became an attack enabler rather than a deterrent. Google today detailed a flaw (discovered by Microsoft) in the Bluetooth Low Energy (BLE) version of the Titan Security Key that could allow a nearby person (within about 30 feet) to communicate with the key or with the device to which its paired. Theres a narrow window of opportunity during account sign-in and setup. When youre trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it, explained Google. An attacker … can potentially connect their device to your affected security key before your device connects [and] sign into your account … if [they] obtained your username and password. [Also,] before you can use your security key, it must be paired to your device. Once paired, an attacker … could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. For the uninitiated, the $50 Titan Security Key is Googles take on a FIDO (Fast Identity Online) key, a device used to authenticate logins physically. The company stressed last year that its not meant to compete with other FIDO keys on the market, but is aimed instead at customers who … trust Google. Googles decision to support Bluetooth wasnt without controversy. In a prescient statement following the Titan Security Keys announcement, Yubico CEO Stina Ehrensvard said that it does not provide the security assurance levels of NFC and USB and that its battery and pairing requirements offer a poor user experience. Google notes that the above-mentioned vulnerability doesnt affect the USB or NFC Titan Security Key nor the primary purpose of security keys. Indeed, it recommends using affected keys rather than turning off security key-based two-step verification altogether. It is much safer to use the affected key instead of no key at all, said Google. Security keys are the strongest protection against phishing currently available. Still, its offering free replacement keys through the Google Play Store. (Impacted keys have a T1 or T2 etched into the back.) And in the meantime, Google is recommending that Android and iOS (version 12.2) users activate their affected security keys in private place[s] away from potential attackers and immediately unpair them after sign-in. Android devices updated with the upcoming June 2019 Security Patch Level (SPL) and beyond will automatically unpair affected Bluetooth devices, and affected keys on iOS 12.3 will no longer work. Feitian, the company that manufactures Googles Titan Security Key, says its Bluetooth keys are affected by the same vulnerability, and its extending a similar replacement offer to its customers.