Security News

Google Titan security keys hacked by French researchers
2021-01-11 14:09

In July 2018, after many years of using Yubico security key products for two-factor authentication, Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys after the Fast IDentity Online Alliance, which curates the technical specifications of a range of authentication technologies that "[p]romote the development of, use of, and compliance with standards for authentication and device attestation".

Researchers Show Google's Titan Security Keys Can Be Cloned
2021-01-11 12:33

Researchers have found a way to clone Google's Titan Security Keys through a side-channel attack, but conducting an attack requires physical access to a device for several hours, as well as technical skills, custom software, and relatively expensive equipment. A new attack method against such devices was described by researchers from NinjaLab, a France-based company that specializes in the security of cryptographic implementations.

Google bans Parler app from Play Store for threats of violence
2021-01-08 23:01

Google has banned the conservative social networking app Parler from the Google Play Store for not removing posts that incite violence in the US. In a statement to BleepingComputer, Google stated that Parler was removed after repeated violations of policies that require Google Play apps to moderate user-generated content. Google Play Store policies require apps that display user-generated content to moderate and remove content that violates Google's policies, including threats of violence and harassment.

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
2021-01-08 11:59

The vulnerability allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. An actor will first have to steal the login and password of a target's account secured by the physical key, then stealthily gain access to the Titan Security Key in question, not to mention acquire expensive equipment costing north of $12,000 and have enough expertise to build custom software to extract the key linked to the account.

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update
2021-01-07 14:48

An update released this week by Google for Chrome 87 patches 16 vulnerabilities, including 14 rated high severity. The company has awarded more than $100,000 for these vulnerabilities.

Windows 10 gets Google Discover-like news recommendation feature
2021-01-06 13:00

Microsoft is rolling out a new Windows 10 feature to Insiders called 'News and Interests' that displays a taskbar flyout with recommended news stories, sports scores, and weather information. Similar to Google Discover, the Windows 10 'News and Interests' feature will build a profile of a user's interests to display matching news stories and articles.

Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA
2021-01-05 21:55

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. ReCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009.

Google Warns of Critical Android Remote Code Execution Bug
2021-01-05 20:21

Google has fixed two critical bugs affecting its Android handsets. The more serious flaw exists in the Android System component and allows remote attackers to execute arbitrary code.

Google Releases January 2021 Security Updates for Android
2021-01-05 14:59

Google this week announced the January 2021 security updates for Android devices, which address 42 vulnerabilities, including four rated critical severity. Addressed as part of the 2021-01-01 security patch level and tracked as CVE-2021-0316, the most important of these flaws is a critical security bug in System that could be exploited to achieve code execution remotely.

Researcher Breaks reCAPTCHA With Google’s Speech-to-Text API
2021-01-04 21:45

ReCAPTCHA is Google's name for its own technology and free service that uses image, audio or text challenges to verify that a human is signing into an account. Google recently started charging for larger reCAPTCHA accounts.