Google has officially announced today that its Titan Security Keys are vulnerable to cyber attacks due to a security bug in the Bluetooth protocols. The tech giant announced that the susceptibility could allow cyber crooks in close physical proximity exploit the key barring it from providing the intended security.
Security experts from the internet juggernaut say that the flaw appeared due to a misconfiguration in the Titan Security Keys synchronizing with Bluetooth Pairing Protocols. However, the company claims that the faulty keys are still capable of protecting the users against phishing attacks. But those concerned about security can avail the free replacement which the company is said to provide in a few days to all existing users.
All those $50 Titan Security keys which have ‘T1’ and ‘T2’ on the back and use standard USB/NFC logics will be eligible for replacement.
Technically speaking, it isn’t that easy to exploit the Bluetooth range of the Titan security keys and is only possible if the hacker exploits the bug within 30 feet of the device pairing.
The Alphabet Inc. subsidiary argues that the latest bug exposure doesn’t affect the main objective of the Titan key- which is to protect its users from Phishing attacks. Also, the company is pretty much sure that its recently launched service of using Android phone as a physical security key will remain unaffected.
Note 1- It was Microsoft which originally discovered this vulnerability and notified it to Google early last week.
Note 2– Titan Security Keys were devised with FIDO security standards by Google to provide 2-factor authentication using cryptography to verify user logins. As the devices are having hardware chips engineered to be integrated with Google’s specially devised software, the integrity of keys never gets damaged. As the Key can work with many popular browsers of today’s generation, a single device login is enough to authenticate logins for many personal and work services.