![]() ![]() ![]() Just get a replacement Bluetooth dongle from Google while you can. If you're using physical authentication tokens, don't let this deter you. Feitian did not return a request for comment by publication, but Feitan-branded BLE dongles with a "3" on the back are also vulnerable. But the company told WIRED that it will also replace other Feitian keys-even those without the Titan branding-that have been associated with Google accounts if the user got the key from Google or was directed to buy it by Google. Googles physical Titan security keys, available now on the Google Store, can help you protect your Google, Facebook, or Dropbox accounts from sophisticated phishing attacks. Initially, Google said it will replace Titan-branded keys marked "T1" and "T2" on the back. Google also notes that the bug doesn't affect physical authentication tokens that don't use BLE. ![]() After all, without that extra layer of defense, an attacker who already has the username and password for a victim's Google account wouldn't need to do any fancy hacking to gain access. Google points out, though, that using any second-factor authentication token is still much more protective than not using one. In other words, the people most affected by the bug are the ones most concerned about their security. Google specifically recommends the BLE dongles for its Advanced Protection Program, which offers even more aggressive account protections. Anyone can use the dongles with their Google accounts for an extra layer of protection, but they're especially favored by users at particular risk of having their accounts targeted by attackers, like public figures, human rights activists, and political dissidents. Google began selling the Titan-branded keys last August, outsourcing the hardware from Chinese manufacturer Feitian while managing the cryptographic keys itself. In a surprising setback, though, the company announced today that it has discovered a vulnerability in the Bluetooth version of its own Titan Security Key-which pairs to devices through the wireless Bluetooth Low Energy protocol, rather than through NFC or physical insertion into a port. As part of its expanded anti-phishing and account security measures, Google offers extensive support for physical authentication tokens. ![]()
0 Comments
Leave a Reply. |