Google Offers Free Exchange Of Titanium 2FA Bluetooth Security Keys After Discovering A Security Fault

If you use one of Google's Titan security keys for two-factor authentication, you probably think your account is as secure as possible. In fact, on its website, Google promises that Titan security keys "have the same level of security as Google" and "exclude anyone who should not have access to your online accounts."

Do this more people. In an article published on his blog dedicated to security, Google announced Wednesday it discovered a "bad configuration" with the Bluetooth Low Energy version of its security key Titan, which could allow a close attacker to "communicate with your key. security or with the device to which your key is associated. "

As Google explains, an attacker can hit in two ways. When pairing the key with your PC or phone, a person can "potentially connect their own device to the relevant security key before your own device connects (and) connects to your account using their own device. if the attacker has already got your user name, your password and your password. could time these events exactly. "

Also, if you use the device to authenticate, an attacker "could use his device to impersonate the affected security key and connect to your device when you are prompted to press your key button." . After that, they could try changing their device so that it appears as a Bluetooth keyboard or mouse and possibly take action on your device. "

What does this mean for you? Although this is certainly a rare case – since it is a Bluetooth key, an attacker should be about thirty centimeters tall when you press the button – this is all the risk of even to alarm anyone who has bought a key to secure the account. Rather than trying to fix the vulnerability via software, Google will replace all the relevant security keys for free. To check if your key is part of the units involved, look at the small number above the USB port on the back. If it reads T1 or T2, your key needs to be replaced.

Google recommends using NFC or USB based security authentication until the replacement arrives, as these methods are not affected by the problem. In addition, the security patch for Android devices of June 2019 will automatically cancel the pairing of the affected Bluetooth security keys to eliminate the risk of an attack.

All affected users can request a free replacement by visiting google.com/replacemykey.