Google Titan Security Key Recalled After Bluetooth Pairing Bug

[silversurfer]

Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.
 
Google is recalling Bluetooth versions of its Titan Security Key after finding a vulnerability that allows attackers in close proximity to take control of the device.
 
Google’s Titan Security Key, launched in the U.S. market last August, is a USB dongle that offers an added layer of security features for Google accounts, such as two-factor authentication and protections from phishing attacks. Specifically impacted is the version of the Titan Security Key with Bluetooth Low Energy (BLE) – not the NFC version of the security keys.
 
“This bug affects Bluetooth pairing only, so non-Bluetooth security keys are not affected,” said Christiaan Brand, product manager with Google Cloud, in a Wednesday post. “Current users of Bluetooth Titan Security Keys should continue to use their existing keys while waiting for a replacement, since security keys provide the strongest protection against phishing.”

SOURCE: https://threatpost.com/google-titan-secu...ed/144786/