Google found a security flaw in Titan Security Key, the flaw is Bluetooth Titan Security Key use 2-factor authentication. The security flaw could allow hackers in close proximity to bypass the security mechanism and connect their own devices.
Google says that “due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols.”
Company is now offering a free replacement to all those who have the affected Titan Bluetooth Keys.
How Attacker Can Attack on Titan Bluetooth Security Keys
The attacker can deploy within 30 feet approximately. An attacker can connect his/her own device to the key in the window between pressing the button to activate the hardware and signing into your account.
If the attacker acts swiftly and has obtained access to your username and password, it is also possible to login to your account using his own device.
The security flaw could allow hackers to “masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key.” Once they are connected to your device, then they can easily perform remote access.
The bug doesn’t affect the primary purpose of the Google Titan Security Key — protection against phishing by a remote hacker.
If your Google Security Key has “T1” or “T2” written on the back of it, you’re eligible for a free replacement. Affected users can get their Security Key replaced by visiting this link.