Buy the cheapest virtual number for VK or Facebook and register accounts without using personal phone numbers.
The Titan security key is designed to help users protect themselves from phishing attacks and account hijacking using FIDO standards for two-factor authentication (2FA). The product uses cryptography to verify the user’s key and security address when logging into their account.
This issue affects the Bluetooth version T1 and T2 of the Titan Low Energy Consumption (BLE) security key; USB and NFC security keys are not affected. Google has created a page where users are informed if they have any affected security keys associated with their Google account. Titan Security Key Bluetooth vulnerability
Microsoft reported to Google about a security issue described as a misconfiguration in the Titan Bluetooth pairing protocols. Weakness allows an attacker within the range of Bluetooth to communicate with the security key and the device with which it is connected.
However, Google notes that it is not easy to carry out an attack, since attackers will have to carry out their actions precisely when the victim performs certain actions.
A hacker can connect his own device to the victim’s security key before the legitimate device connects, but he should launch the attack just when the target presses a button on his security key, which users should do when they log in to their account.
An attacker can also use his own device to disguise the victim’s security key and connect to the victim’s device at the click of a button. Once connected, the hacker can change the functionality of his device to a mouse or Bluetooth keyboard and perform actions on the victim’s device.
“This security issue does not affect the primary purpose of security keys, which is to protect against phishing by a remote attacker. Security keys remain the most reliable protection against phishing; it’s still safer to use a key that has this problem, instead of disabling 2-step verification (2SV) based on the security key in your Google account or switching to less phishing-resistant methods (for example, SMS codes or requests sent to your device). ” , says Christian Brand, product manager for Google Cloud.
Feitian-branded security keys are also susceptible to this vulnerability, and they are also eligible for replacement, but customers may have to pay a very small fee. Outside the US, keys are delivered through Amazon, and the cost of the device can only be reduced to $ 1, the brand said on Twitter.
It is worth noting that in the case of Feitian keys, the problem affects versions 1, 2 and 3.
Users who have associated their security key with an iOS device can minimize the risk of attacks by disconnecting the key immediately after using it. However, after updating to iOS version 12.3, the security key will stop working. In the case of Android, users can also disconnect their device immediately after use, and starting from the upcoming June 2019 level of security fixes, affected Bluetooth devices will be automatically disabled.
In both cases, users are advised to use their security key only in places where a potential attacker cannot be in close proximity.