Titan Security Keys, Google’s security product meant for two-factor authentication (2FA), was found to have a security vulnerability. The Bluetooth Low Energy (BLE) version of the security key could be exploited by an outsider to sign into user accounts and possibly control devices connected to them. Currently, Titan security keys are available in the US market only.
According to a blog published by Christiaan Brand, Product Manager for Google Cloud Platform, an attacker at a distance approximately 30 feet from the user could intercept the security key or the device on which it is paired. However, Brand mentions that the attackers can only achieve this if they meet certain conditions.
In order to mitigate this flaw, Google has offered free replacements for users with Titan security keys.
How could it be exploited?
Google is issuing free replacements for Bluetooth Titan security keys. Users are advised to avail them as soon as possible. However, the tech giant suggested using these keys until users get the replacement.
“Current users of Bluetooth Titan Security Keys should continue to use their existing keys while waiting for a replacement, since security keys provide the strongest protection against phishing,” suggested Brand, in his blog.