Did you buy Google’s Titan Security Key to beef up your account security? If so, you may be getting a replacement.
Google has announced that it’s found a security issue that affects the Bluetooth Low Energy (BLE) version of its Titan Security Key in the U.S. The problem involves Bluetooth pairing, so the non-Bluetooth versions of the Titan Security Key are not affected.
Google explains that a misconfiguration of the Titan Security Keys’ Bluetooth pairing protocols could allow a malicious party who is physically close to you (within 30 feet) to communicate with your security key or the device that it’s paired to. The attacker would need to follow a close series of events in close coordination in order to actually exploit this bug, but the whole point of having a Titan Security Key is to help you be secure, so it’s still an issue.
To determine if your Titan Security Key is affected, check the back of the unit. If there’s a “T1” or “T2” on the back of your key, it’s affected by the bug and you’re eligible for a free replacement. Just go to this website to begin the process of getting that replacement.
Until you get your new Titan Security Key, you should keep using your existing unit since it’s safer to use the key affected by the bug rather than using no key at all. Google does say that users who update to iOS 12.3 will not be able to use their affected key to sign into their Google Account, so users who are already signed into their account should not sign out since they won’t be able to sign in again until they get a new key. Meanwhile, Android users will no longer be able to use their affected key after installing the upcoming June 2019 security patch updates.