There’s wide consensus among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today doesn’t change that, but it does show how malicious attackers with physical possession of a Google Titan key can clone it.

There are some steep hurdles to clear for an attack to be successful. A hacker would first have to steal a target’s account password and to also gain covert possession of the physical key for as many as 10 hours. The cloning also requires up to $12,000 worth of equipment, custom software, and an advanced background in electrical engineering and cryptography. That means the key cloning—were it ever to happen in the wild—would likely be done only by a nation-state pursuing its highest-value targets.

“Nevertheless, this work shows that the Google Titan Security Key (or other impacted products) would not avoid [an] unnoticed security breach by attackers willing to put enough effort into it,” researchers from security firm NinjaLab wrote in a research paper published Thursday. “Users that face such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been discovered.”

The 2FA gold standard

Two-factor authentication, or 2FA,…
“Hackers can clone Google Titan 2FA keys using a side channel in NXP chips” has 319 words and was posted on arstechnica.com on January 8, 2021.