Connected via Bluetooth and used as a method of two-factor authentication, Google’s Titan Security Key has been found to have a critical security loophole. If the vulnerability is found and exploited, it could allow a remote attacker to gain access to accounts and even control devices that the Titan Key is linked to. There are two separate methods an attacker could use to penetrate a user’s device. The first method would require the unauthorized party to be within 30 feet of the user and to connect to the key before the user has time to. The second method would involve the attacker disguising their device as the Titan Key when the potential victim attempts to pair the legitimate key with their device. If this is done successfully, it could lead to the attacker obtaining complete access to the user’s accounts and device. Although there is no direct mitigation at this time, Google is offering free replacements and advising users to continue using the keys.