SIMonline

Service receive & sending SMS

Google Titan dongle vulnerable to Bluetooth attacks

189   |     /   Security

Google Titan dongle vulnerable to Bluetooth attacks
Google has announced that it offers a free replacement for the Titan Security Key after detecting a potentially serious vulnerability.



Buy the cheapest virtual number for VK or Facebook and register accounts without using personal phone numbers.

The Titan security key is designed to help users protect themselves from phishing attacks and account hijacking using FIDO standards for two-factor authentication (2FA). The product uses cryptography to verify the user’s key and security address when logging into their account.

This issue affects the Bluetooth version T1 and T2 of the Titan Low Energy Consumption (BLE) security key; USB and NFC security keys are not affected. Google has created a page where users are informed if they have any affected security keys associated with their Google account. Titan Security Key Bluetooth vulnerability

Microsoft reported to Google about a security issue described as a misconfiguration in the Titan Bluetooth pairing protocols. Weakness allows an attacker within the range of Bluetooth to communicate with the security key and the device with which it is connected.

However, Google notes that it is not easy to carry out an attack, since attackers will have to carry out their actions precisely when the victim performs certain actions.

A hacker can connect his own device to the victim’s security key before the legitimate device connects, but he should launch the attack just when the target presses a button on his security key, which users should do when they log in to their account.

An attacker can also use his own device to disguise the victim’s security key and connect to the victim’s device at the click of a button. Once connected, the hacker can change the functionality of his device to a mouse or Bluetooth keyboard and perform actions on the victim’s device.

“This security issue does not affect the primary purpose of security keys, which is to protect against phishing by a remote attacker. Security keys remain the most reliable protection against phishing; it’s still safer to use a key that has this problem, instead of disabling 2-step verification (2SV) based on the security key in your Google account or switching to less phishing-resistant methods (for example, SMS codes or requests sent to your device). ” , says Christian Brand, product manager for Google Cloud.

Feitian-branded security keys are also susceptible to this vulnerability, and they are also eligible for replacement, but customers may have to pay a very small fee. Outside the US, keys are delivered through Amazon, and the cost of the device can only be reduced to $ 1, the brand said on Twitter.

It is worth noting that in the case of Feitian keys, the problem affects versions 1, 2 and 3.

Users who have associated their security key with an iOS device can minimize the risk of attacks by disconnecting the key immediately after using it. However, after updating to iOS version 12.3, the security key will stop working. In the case of Android, users can also disconnect their device immediately after use, and starting from the upcoming June 2019 level of security fixes, affected Bluetooth devices will be automatically disabled.

In both cases, users are advised to use their security key only in places where a potential attacker cannot be in close proximity.


Similar news


Whatsapp used to spy users

Facebook fixed WhatsApp's zero day zero vulnerability, which could and was used to remotely install spyware on phones by calling the target device.

A remote code execution error was detected in Kaspersky products

Researchers have discovered a serious vulnerability in remote code execution affecting Kaspersky Lab products. The cybersecurity firm released a hotfix for customers in early April.

Drive Fenix - the new browser for Android

The Google Play Store has a new web browser from a familiar person. This is the Fenix ​​code name, and it will eventually turn into Firefox on Android phones and tablets.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2020

All rights reserved