Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Google Technology

Google Recalls Its Bluetooth Titan Security Keys Because of a Security Bug (techcrunch.com) 21

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide. From a report: The company says that the bug is due to a "misconfiguration in the Titan Security Keys' Bluetooth pairing protocols" and that even the faulty keys still protect against phishing attacks. Still, the company is providing a free replacement key to all existing users. The bug affects all Titan Bluetooth keys, which sell for $50 in a package that also includes a standard USB/NFC key, that have a "T1" or "T2" on the back.
This discussion has been archived. No new comments can be posted.

Google Recalls Its Bluetooth Titan Security Keys Because of a Security Bug

Comments Filter:
  • by EvilSS ( 557649 ) on Wednesday May 15, 2019 @12:36PM (#58597138)
    Google used to use Yubikeys but went their own way to get a bluetooth key. Yubico said they disagreed over security concerns and would not follow up with their own. Guess they were one to something.
    • by bluefoxlucid ( 723572 ) on Wednesday May 15, 2019 @12:57PM (#58597332) Homepage Journal

      I have a USB-C Yubikey 5. No wireless.

      I suggested no electronic voting machine can possibly provide security if it has a wireless networking capability of any kind--the hardware needs to not be there. Controlling the state of the machine and proving it to the public at the time of polling is doable...but hackers can invisibly bypass that if you plug it into networks. Wireless is always plugged in.

      Before this flaw was known, it existed. Hackers could have exploited this flaw. We don't know.

      Wireless communication is an inappropriate feature for the type of security these devices are supposed to provide.

    • I believe the Bluetooth keys were necessary to support iPhones because, until recently, Apple would not allow third-parties to access the NFC. At this point, I believe that only Yubikey has permission to do so.

      • by EvilSS ( 557649 )
        That seems about right I'd guess. I imagine it was also to give other phone users an easier time with something more familiar to them (since it looks like a car fob, everyone knows how those work) as well. In testing Yubikeys on various android phones, I found some were picky about how close the key had to be, forcing it to be removed from keyrings or lanyards to get it absolutely flat against the back of the phone.
  • by tronicum ( 617382 ) * on Wednesday May 15, 2019 @12:40PM (#58597180)
    They needed to recall their ubikey 1 keys. We can do it better.... Well looks like hardware fobs are not that easy. And bad Bluetooth protocol implementation happen only to other vendors....not!
  • T1 or T2? (Score:5, Funny)

    by DontBeAMoran ( 4843879 ) on Wednesday May 15, 2019 @01:27PM (#58597556)

    The bug affects all Titan Bluetooth keys, which sell for $50 in a package that also includes a standard USB/NFC key, that have a "T1" or "T2" on the back.

    Upon shoving my Titan Bluetooth key in a padded enveloppe to send it back to Google, I swear I heard it say "I'll be back".

news: gotcha

Working...