![]() A persistent attacker could make that work, though. By doing this, the attacker can then change their device to look like a keyboard or mouse and remote control your laptop, for example.Īll of this has to happen at the exact right time, though, and the attacker must already know your credentials. An attacker could also potentially exploit this bug by using their own device and masquerading it as your security key to connect to your device when you press the button on the key. Google also notes that before you can use your key, it has to be paired to your device. With that - and assuming that they already have your username and password - they could sign into your account. The attacker can then use the misconfigured protocol to connect their own device to the key before your own device connects. To exploit the bug, an attacker would have to be within Bluetooth range (about 30 feet) and act swiftly as you press the button on the key to activate it. The bug affects all Titan Bluetooth keys, which sell for $50 in a package that also includes a standard USB/NFC key, that have a “T1” or “T2” on the back. Still, the company is providing a free replacement key to all existing users. The company says the bug is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” and that even the faulty keys still protect against phishing attacks. Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |