Stand-alone vehicles: Is it really safe or not?
inet infosec

Stand-alone vehicles: Is it really safe or not?

Most of us growing up, we have admired mainly in the movie these large stand-alone vehicles that were advanced and possessed ...
Read More
infosec

Are Ships Safe from Cyber ​​Attacks?

Nowadays, even ships are at risk of hacking. New systems they use to connect ...
Read More
infosec

Malicious insider attacks on financial services!

It is well known that the sector most affected by cyberattacks is the business sector and in particular financial services ....
Read More
infosec

FaceApp became viral again. Does it endanger our personal life?

FaceApp. The application is reverted to viral after two years of circulation. Its effects have improved and many influencers decided to bring back ...
Read More
infosec

Sprint: Hackers have violated user accounts via a Samsung site

US mobile operator Sprint said he was hacked, as some criminals managed to access accounts ...
Read More
Latest Posts

Google's security vulnerability locks iOS users out of their accounts

vulnerability

A vulnerability in the Bluetooth Low Energy (BLE) Titan Security Key, which provides verification of two factors for accessing accounts Google, results in some users iOS do not have access to their accounts. Christiaan Brand, product manager at Google Cloud, writing on the Google Security Blog, said yesterday that "due to a wrong set-up in Bluetooth Titan Security Keys, it is possible for an attacker near you at the time you use the security key to contact your security key or the device to which your key is assigned. "

Of course, the attacker should be very close to his victim, and making such an attack is quite difficult unless the attacker had your name and password. Titan Security Keys are used by Google staff for internal access and are sold as two-factor authentication devices to the public. As the company says, the security issue "does not affect the primary purpose of security keys, which is to protect you from a remote attacker" and says "it's safer to use a key that has this problem than to disable verify two factors in your Google Account. "

Which keys are affected by vulnerability?

The USB and NFC security keys are not affected by the above vulnerability. However, if you use a BLE version of the Titan Security Key, you need to check the back of the device and if T1 or T2 is printed then it is affected and Google will offer free replacement.

What's the problem with iOS 12.3?

Google advises users of iOS 12.2 or a previous version, simply use the key "in a private place where a potential attacker is not in close proximity" and then disconnect it. However, things are different for iOS 12.3. Google says that such users will not be able to use the key to sign in to a Google Account or any other account protected by the key. In addition, Google confirms that "if you are already logged in to your Google Account on your iOS device, you must not log out because you will not be able to sign in again until you receive a new key." If you do not have access to your account, Google provides instructions to access it again.

Nadir Israel, CTO at Armis, says Bluetooth is a complicated protocol and is not surprised by the issue. "This vulnerability underlines the importance of controls to ensure that there are no vulnerabilities or incorrect configuration when implementing the Bluetooth protocol."

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *