Fujifilm Unveils 100-Megapixel GFX 100 Medium Format Mirrorless Camera
Samsung Galaxy Note 10 may feature 4300 mAh battery
Aston Martin pays tribute to James Bond with special edition DBS Superleggera
Mario Kart Tour Beta Impressions - Pay to Win and Missed Opportunities
You Need to Replace Your Google Bluetooth Titan Security
17 May 2019, 04:40 | Casey Mitchell
Google Titan's Bluetooth Security Key Can Be Used to Hack Paired Devices
Considering the very slim chance of such an attack and the fact that this "security issue does not affect the primary objective of security keys, which is to protect you against phishing by a remote attacker", the company advises BLE-enabled Titan Security Key users to continue using the devices. First, they'd have to be physically close to you at the moment when an app prompts you to press the Bluetooth key's button to log in.
"After you've used your key to sign into your Google account on your device, immediately unpair it".
We recommend using your affected security key in a private place where a potential attacker is not within close physical proximity (approximately 30 feet). "In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly", Google explained.
Titan is Google's name for its family of hardware security keys that provide two-factor authentication (2FA) for web users.
Thirteen arrested as Sydney Harbour Bridge operation concludes
About 5.15am (Tuesday 14 May 2019), security staff operating on the Sydney Harbour Bridge observed several people on the bridge. Greenpeace have said that the protestors were calling on Prime Minister Scott Morrison to "declare a climate emergency".
"This security issue does not affect the primary goal of security keys, which is to protect you against phishing by a remote attacker", said Google Cloud product manager Christiaan Brand in a blog post, noting that even flawed security keys are better than giving up on two-step authentication.
Or, they could, in effect, use their device as a Bluetooth accessory like a keyboard to take control of your computer.
The Titan security key bundle. Affected units can be identified by looking for T1 or T2 printed on the rear. It comes in two flavours: a USB key that you plug into your computer, and a Bluetooth-based key that connects wirelessly to your device.
This flaw vindicates the somewhat controversial decision a year ago by rival security-key maker Yubico to not manufacture Bluetooth-enabled security keys. Google is offering replacement keyfobs for free.
Google said using its Titan keys is still safer than not using a security key at all (although it conveniently left out the option of seeking a competitor, like a YubiKey).
"However, there is no such thing as ideal technology, so I'm glad Google is taking the initiative and recalling these keys". That person could then intercept communications from the key and use them to sign in as you. You can use your key in this manner again while waiting for your replacement, until you update to iOS 12.3.
According to the BLE Titan Security Key store page, "Titan Security Keys help prevent phishing and keep out anyone who shouldn't have access to your online accounts". You will not be able to use your affected key to sign into your Google Account, or any other account protected by the key, and you will need to order a replacement key. An Android update scheduled for next month will automatically unpair Bluetooth security keys so users won't have to do it manually.
"The fact you must be within 30 feet of the security key isn't an issue, especially when you consider how fast compiled and scripted software can run". This has the unfortunate result of locking people out of their Google accounts if they sign out.
Conrad Black: Trump pardons ex-media mogul
President Donald Trump has pardoned a media mogul who just so happened to author a book gushing about the Trump presidency. He also penned and op-ed for Canada's National Post , a newspaper he founded in the 1990s, in response to the pardon.
PG&E equipment sparked deadly California wildfire
It also completely destroyed the town of Paradise , burned a total of 153,336 acres, and destroyed 18,804 structures. The company faces dozens of lawsuits from Camp Fire victims and billions of dollars in potential liabilities.
Cubs' Zobrist files for separation from wife
Cubs second baseman Ben Zobrist will remain on a personal leave of absence from the team indefinitely amid a divorce. The Zobrists, both children of preachers, were married December 17, 2005, in Iowa City, Iowa, her hometown.
Reynolds leads Rockies past Red Sox in 11th
It's not gratifying, just something that we believed. "I had awful timing with giving up the runs I did", Sale said. Colorado recalled 3B Pat Valaika from Triple-A Albuquerque and optioned 2B Garrett Hampson to the Isotopes.
Hyundai wants to build fast EVs, invests Euro 80M with Rimac
The company is a leader in developing electric race cars and produces drivetrains and battery systems for electric hypercars. The company has its headquarters located on the outskirts of Zagreb, Croatia with a worforce strength of more than 500.
U.S. orders suspension of flights between the U.S. and Venezuela
On Wednesday, Venezuelan President Nicolas Maduro confirmed that Rodriguez was on a foreign trip with a "very important mission". The U.S. and more than 50 other countries contend his presidency is illegitimate and recognize Guaido as the interim president .