Recently, Google has intensified efforts in replacing some versions of its Titan Security Key, due to an obvious Bluetooth pairing issue that could leave your account and gadgets open to attack.
The announcement specified that, even, the most trusted measures of security, could be, the passageway that leads to vulnerabilities.
This appears to be a cause for alarm!
On its security blog, Google mentioned that it had discovered a bug present, in the Bluetooth Low Energy, (BLE), of its Titan Security Key.
This bug leaves users vulnerable, to an inherent attack, during device pairing, through Bluetooth.
These keys are low-cost methods, of the two-factor authentication, which provides an additional layer of security measures in the process of accessing your Google account.
“It is possible for an attacker, who is physically close to you at the moment you use your security key, to, (a) communicate with your security key, or, (b) communicate with the device to which your key is paired.”, reported Google
There, however, seems to be some bit of good news, as the probability of getting attacked by this new development, is relatively small.
For your device, or, account to be vulnerable, the attacker must be in not less than 30 feet and is able to time that action, such that, you are connected with your security key at that exact moment.
At that point, the attacker, or, better still, the hacker, would, then, have a connection through their device, taking full advantage of the “secure’ two-factor authentication, given by Titan key.
They could also use their device, as a Bluetooth like a keyboard to gain control over your computer.
If attackers are that desperate to get your information, they probably have to snatch your PC from you, after putting in your login details, so, you must be aware of vulnerabilities of this nature, as the responsibility to apply extra protection for your information, lies with you.
The consequences of these vulnerabilities could be quite significant, as a falling victim, exposes your personal and company data to information breach that, can be re-modified.
Google recommends that users continue with their key, since the protection available, outweighs the probability that, you will be vulnerable.
If you decide to play safe, you can look out for your key, if it bears T1, or, T2, Google will replace it, at no cost for you.
Simply visit google.com/replacemykey to confirm yours.
Read up how to combat cybersecurity threat here.