

“When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it.

What’s the problem?

Exploitation of the misconfiguration depends on how close the attacker is to the target and how well they can coordinate certain actions.

Before their release, Google pointed users of its Advanced Protection Program towards Feitian’s security keys. The Titan-branded keys are only available to users in the US. These keys can perform authentication via Bluetooth Low Energy (BLE), USB or NFC.

The Titan Security Key is manufactured by Chinese infosec device maker Feitian, but its firmware was engineered by Google.

About the Titan Security Key

Almost a year ago, Google made available its own line of physical security keys to improve anti-phishing protection of its employees and users.

The bug can’t be fixed with a security update so Google is asking users to check whether their key is affected and, if it is, to ask for a replacement one to be sent to them free of charge.

Misconfigured Bluetooth pairing protocols in Google’s Titan Security Keys may allow attackers to communicate with users’ security key or with the device their key is paired with, Google has warned.
