Security News > 2021 > January > Google Titan security keys hacked by French researchers
In July 2018, after many years of using Yubico security key products for two-factor authentication, Google announced that it was entering the market as a competitor with a product of its own, called Google Titan.
Security keys of this sort are often known as FIDO keys after the Fast IDentity Online Alliance, which curates the technical specifications of a range of authentication technologies that "[p]romote the development of, use of, and compliance with standards for authentication and device attestation".
French researchers Victor Lomne and Thomas Roche from a company called NinjaLab just published a fascinating paper entitled A Side Journey to Titan: Side-Channel Attack on the Google Titan Security Key.
That's the bad news: it proves that if attackers can get their hands on your Titan key for a while, and connect it to a monitoring device of their own for long enough, they can extract the current ECDSA private key and use it to make a software clone of your Titan key.
Technically the researchers have successfully hacked Google Titan keys.
The full list is here, and includes: all Google Titan keys, Yubikey's Neo product, and various Feitian devices including the MultiPass FIDO and ePass FIDO keys.
News URL
https://nakedsecurity.sophos.com/2021/01/11/google-titan-security-keys-hacked-by-french-researchers/
Related news
- Google paid $12 million in bug bounties last year to security researchers (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Why The Modern Google Workspace Needs Unified Security (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)