Researcher warns of a MacOS vulnerability that Apple refuses to correct
infosec

Researcher warns of a MacOS vulnerability that Apple refuses to correct

According to an Italian security researcher named Filippo Cavallarin, macOS Mojave 10.14.5 and younger are vulnerable to a ...
Read More
infosec

The Pentagon: Educates the cyber-squire for a world war on a deserted island!

The Pentagon: Few have access to Plum Island in which a secret branch of the US government is located and performs exercises ...
Read More
infosec tweaks

New generation malware and ways of protection: What you need to know

Every day we hear about new attacks by hackers on companies, organizations, and even individuals. The worrying is that the scammers ...
Read More
infosec

Google Play Protect protects your device from malware. Turn it on!

Due to the recent vulnerability of WhatsApp that enabled hackers to remotely install spyware on both ...
Read More
infosec

Hackers stole sensitive NederWoon customer information

A home rental company, NederWoon, has been hit by hackers. Hackers managed to get into the company's systems ...
Read More
Latest Posts

Google's security vulnerability locks iOS users out of their accounts

vulnerability

A vulnerability in the Bluetooth Low Energy (BLE) Titan Security Key, which provides verification of two factors for accessing accounts Google, results in some users iOS do not have access to their accounts. Christiaan Brand, product manager at Google Cloud, writing on the Google Security Blog, said yesterday that "due to a wrong set-up in Bluetooth Titan Security Keys, it is possible for an attacker near you at the time you use the security key to contact your security key or the device to which your key is assigned. "

Of course, the attacker should be very close to his victim, and making such an attack is quite difficult unless the attacker had your name and password. Titan Security Keys are used by Google staff for internal access and are sold as two-factor authentication devices to the public. As the company says, the security issue "does not affect the primary purpose of security keys, which is to protect you from a remote attacker" and says "it's safer to use a key that has this problem than to disable verify two factors in your Google Account. "

Which keys are affected by vulnerability?

The USB and NFC security keys are not affected by the above vulnerability. However, if you use a BLE version of the Titan Security Key, you need to check the back of the device and if T1 or T2 is printed then it is affected and Google will offer free replacement.

What's the problem with iOS 12.3?

Google advises users of iOS 12.2 or a previous version, simply use the key "in a private place where a potential attacker is not in close proximity" and then disconnect it. However, things are different for iOS 12.3. Google says that such users will not be able to use the key to sign in to a Google Account or any other account protected by the key. In addition, Google confirms that "if you are already logged in to your Google Account on your iOS device, you must not log out because you will not be able to sign in again until you receive a new key." If you do not have access to your account, Google provides instructions to access it again.

Nadir Israel, CTO at Armis, says Bluetooth is a complicated protocol and is not surprised by the issue. "This vulnerability underlines the importance of controls to ensure that there are no vulnerabilities or incorrect configuration when implementing the Bluetooth protocol."

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *