In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly. An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it.In order for the misconfiguration to be exploited, an attacker would have to align a series of events in close coordination: Current users of Bluetooth Titan Security Keys should continue to use their existing keys while waiting for a replacement, since security keys provide the strongest protection against phishing.ĭue to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key - within approximately 30 feet - to (a) communicate with your security key, or (b) communicate with the device to which your key is paired. This bug affects Bluetooth pairing only, so non-Bluetooth security keys are not affected. and are providing users with the immediate steps they need to take to protect themselves and to receive a free replacement key. We’ve become aware of an issue that affects the Bluetooth Low Energy (BLE) version of the Titan Security Key available in the U.S. Posted by Christiaan Brand, Product Manager, Google Cloud
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |