Posted in Shoddy Security

Flaw discovered in Google’s Bluetooth Titan security key, prompting a recall

Embarrassing, but not surprising, considering Google’s shoddy record on security.

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide. The company says the bug is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” and that even the faulty keys still protect against phishing attacks. Still, the company is providing a free replacement key to all existing users.

Google’s recent introduction of Titan was its latest entry into a product category it has no need to be in. Google is increasingly selling hardware of various kinds, from phones (like the Pixel) to so-called “smart home” gadgets (its Nest line of products) and even Google Clip, an always-on camera.

YubiKey maker Yubico already makes high quality security keys with wireless functionality (NFC is used as opposed to Bluetooth because it’s more secure). There was no need for Titan, especially given that it’s an inferior product.

And yet, since Google bigwigs have this ridiculous desire to compete in pretty much every product category, they went ahead and made the Monster of Mountain View a competitor of Yubico. Perhaps now they’ll reconsider that decsion.