Logging in to Gmail on a phone will be a cinch.
Magdalena Petrova | CNBC
Google found a security issue that will could give an attacker access to a users’ device based on a tool meant to keep the item secure, the company disclosed Wednesday.
Google will be offering free replacements of its Bluetooth Low Energy Titan Security Keys after the item found that will anyone within about 30 feet could communicate with the key in addition to its paired device while a user tried to activate the key or pair their devices.
The Titan Security Key will be meant to provide a different layer of protection for users hoping to prevent their accounts through being taken over by phishing attacks. While Google said the issue does not interfere with the key’s ability to protect users through a remote phishing attack, the item still reveals a significant gap inside device’s security.
The flaw could undermine Google’s recent messaging around privacy in addition to security, which has become a hot issue in Silicon Valley. Google CEO Sundar Pichai penned a fresh York Times op-ed earlier This specific month advocating for the democratization of privacy after unveiling a host of fresh privacy features at Google’s developer conference.
Google recommended continuing to use the affected keys until their replacement arrives. As an extra precaution, users should use the keys when they aren’t near different people who may try to gain access to their devices, then immediately unpair the key after signing on, Google said. However, iOS users who have updated the edition 12.3 will not be able to sign into any accounts linked to the key until they receive a replacement, according to Google. The company advised staying logged onto accounts on iOS devices until the fresh replacement arrives.
Google said that will only BLE versions of the keys are affected. Devices which has a “T1” or “T2” on the back are eligible for the free replacement by visiting google.com/replacemykey.
Subscribe to CNBC on YouTube.
Watch: Google’s fresh security key will protect you through phishing attacks