Google’s Security Key Vulnerable to Hackers
Yesterday, Google disclosed that their Bluetooth (BLE) Titan Security Keys were accessible to hackers within about 30 feet of the key. The bug allows hackers to either communicate with the security key or with the device to which the key is connected. Google is taking steps to remedy the issue.
Now, in order for this attack to actually occur, a hacker would have to stand within 30 feet of you, connect their device to your key before you do, and know your username and password to log in. Unlikely, but still dangerous. A nearby hacker could also disguise their device as your security key, connect to your device, and control it remotely.
The good news? Google claims this bug doesn’t thwart the purpose of their security key in any way. The key still does its job to protect users against phishing. It’s important to note that only Bluetooth-connected keys with “T1” or “T2” on the back are at risk. Security keys without Bluetooth are in the clear.
Security keys are the strongest defense against phishing attempts and password leaks. Unless someone has your key in hand and knows your username and password, accessing your account is virtually impossible. Companies like Google and Yubico are utilizing such technology to deflect hackers and create a safer digital experience.
What Should I Do?
If you have a BLE Titan Security Key with “T1” or “T2” on the back, Google will replace it for free at google.com/replacemykey. It’s still safe to use your security key, as its function to protect you against phishing attacks is not affected. Until your replacement arrives, just make sure you’re more than 30 feet away from potential hackers, and disconnect Bluetooth when not in use.
No one is immune to phishing attacks, but if you’re not using a security key, it just might be the solution for you. If you have questions about security keys or would like specific recommendations, contact us at firstname.lastname@example.org.
Products mentioned in this article are not sponsored by or affiliated with EVAN or EVAN360.
EVAN is more than just a great source of technology information. We have IT Pros waiting to help you fix your computer problems right now.
Image credit: Google