This new vulnerability doesn't change that, because a hacker needs access to the physical key, but it shows that if a bad actor did manage to get ahold of your 2FA key, there are certain methods they could use to clone it. That prevents hackers from accessing your accounts who may have found the credentials online, or stolen them from you through phishing attempts. Using such a tool, authenticating into an account requires the username, password, and physical possession of the hardware key. Nothing is airtight - Two-factor authentication (2FA) security keys like Titan are considered the strongest form of online security. The free replacement may be requested through Google’s dedicated website for the recall.Researchers at security firm NinjaLab have identified a vulnerability in Google's Titan security key that makes it possible to clone it, opening up the possibility that a hacker could gain covert access to a victim's online accounts, entirely unbeknownst to them. The affected version of the Bluetooth Titan Security Key has a T1 or T2 at the back of the device. The company recommended the continued usage of the device to maintain that protection, but suggested people to avail of the free replacements if they are eligible to do so. Google said that the vulnerability does not affect the main purpose of the Titan Security Key which is to protect its owners from phishing attacks. Hackers must be able to time things exactly right to either connect their device to the security key (though they will need to know the target’s username and password to access the victim’s account), or to masquerade their device as the security key, to take actions on the victim’s device. In addition, the process of taking advantage of the misconfiguration is difficult. The catch is that the attacker must be within about 30 feet of the target to exploit the vulnerability. According to Google, a misconfiguration in its Bluetooth pairing protocols makes it possible for an attacker to communicate with the security key or communicate with the device to which the security key is being paired. Yubico’s concern turned out to be well-founded and is exactly what happened with the Bluetooth version of the Titan Security Key, which is sold alongside the USB version. Microsoft’s Bing Chat: how to join the waitlist now GPT-4 claims to be 40% better at producing ‘factual responses’ GPT-4: new features, visual input, availability, and more
0 kommentar(er)
