
Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys

Source: feedproxy.google.com

We’ve become aware of an issue that affects the Bluetooth Low Energy (BLE) version of the Titan Security Key available in the U.S. and are providing users with the immediate steps they need to take to protect themselves and to receive a free replacement key. This bug affects Bluetooth pairing only, so non-Bluetooth security keys are not affected. Current users of Bluetooth Titan Security Keys should continue to use their existing keys while waiting for a replacement, since security keys provide the strongest protection against phishing.

What is the security issue?

Due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key -- within approximately 30 feet -- to (a) communicate with your security key, or (b) communicate with the device to which your key is paired. In order for the misconfiguration to be exploited, an attacker would have to align a series of events in close coordination:

  • When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it. An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly.
  • Before you can use your security key, it must be paired to your device. Once paired, an attacker in close physical proximity to you could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. After that, they could attempt to change their device to appear as a Bluetooth keyboard or mouse and potentially take actions on your device.

This security issue does not affect the primary purpose of security keys, which is to protect you against phishing by a remote attacker. Security keys remain the strongest available protection against phishing; it is still safer to use a key that has this issue, rather than turning off security key-based two-step verification (2SV) on your Google Account or downgrading to less phishing-resistant methods (e.g. SMS codes or prompts sent to your device). This local proximity Bluetooth issue does not affect USB or NFC security keys.

Am I affected?

This issue affects the BLE version of Titan Security Keys. To determine if your key is affected, check the back of the key. If it has a “T1” or “T2” on the back of the key, your key is affected by the issue and is eligible for free replacement.

Steps to protect yourself

If you want to minimize the remaining risk until you receive your replacement keys, you can perform the following additional steps:

iOS devices:

On devices running iOS version 12.2 or earlier, we recommend using your affected security key in a private place where a potential attacker is not within close physical proximity (approximately 30 feet). After you’ve used your key to sign into your Google Account on your device, immediately unpair it. You can use your key in this manner again while waiting for your replacement, until you update to iOS 12.3.

Once you update to iOS 12.3, your affected security key will no longer work. You will not be able to use your affected key to sign into your Google Account, or any other account protected by the key, and you will need to order a replacement key. If you are already signed into your Google Account on your iOS device, do not sign out because you won’t be able to sign in again until you get a new key. If you are locked out of your Google Account on your iOS device before your replacement key arrives, see these instructions for getting back into your account. Note that you can continue to sign into your Google Account on non-iOS devices.

On Android and other devices:

We recommend using your affected security key in a private place where a potential attacker is not within close physical proximity (approximately 30 feet). After you’ve used your affected security key to sign into your Google Account, immediately unpair it. Android devices updated with the upcoming June 2019 Security Patch Level (SPL) and beyond will automatically unpair affected Bluetooth devices, so you won’t need to unpair manually. You can also continue to use your USB or NFC security keys, which are supported on Android and not affected by this issue.

How to get a replacement key

We recommend that everyone with an affected BLE Titan Security Key get a free replacement by visiting google.com/replacemykey.

Is it still safe to use my affected BLE Titan Security Key?

It is much safer to use the affected key instead of no key at all. Security keys are the strongest protection against phishing currently available.

...
