Google will replace "leaky" Bluetooth Titan Security Key hardware login keys for free

Since last summer, Google has been selling hardware keys (in other words, tokens) that simplify two-factor authentication when logging into an account with the company's services. Tokens make life easier for users, who can forget about manually entering incredibly complex passwords, and they remove identification data from devices such as computers and smartphones. The product is called the Titan Security Key and is offered both as a USB device and with a Bluetooth connection. According to Google, since the company started using the tokens internally, there has not been a single case of an employee account being hacked. Alas, one vulnerability has been found in the Titan Security Key, though to Google's credit, it was found in the Bluetooth Low Energy protocol. Keys connected via USB are still immune to hacking.

As reported on the Google website, some of the Bluetooth Titan Security Key tokens turned out to have an incorrect Bluetooth Low Energy configuration. These tokens can be identified by the markings on the back of the key. If the number on the reverse side contains the combination T1 or T2, the key must be replaced. The company has decided to replace such keys for free. Otherwise, the replacement would cost up to $25 plus shipping.

The discovered vulnerabilities allow an attacker to act in two ways. First, an attacker who knows the victim's login and password can log into the victim's account at the moment the victim presses the connect button on the token. To do this, the attacker must be within the key's connection range, which is approximately up to 10 meters. In other words, the dongle connects via Bluetooth not only to the user's device but also to the attacker's device, which defeats Google's two-factor authentication.

The second way to abuse the Bluetooth vulnerability in the Bluetooth Titan Security Key token works as follows: at the moment a connection is being established between the dongle and the user's device, an attacker can connect to the victim's device under the guise of a Bluetooth peripheral, such as a mouse or keyboard, and then control the victim's device as he wishes. In both the first case and the second, there is nothing good for a user with a compromised key. An outsider gains the opportunity to extract personal data in a leak the victim does not even know about. Do you have a Bluetooth Titan Security Key? Plug it in and go to this link, and the Google service itself will determine whether the key is reliable or needs to be replaced.



Source: 3dnews.ru
