Google released the Titan Security Key last year, as part of the company's growing focus on two-factor authentication. The kit comes with a USB Type-A key and a battery-powered Bluetooth/NFC key, and both could be configured as 2FA methods with Google accounts. The last thing you want in your security key is a security flaw, but that's just what has been discovered.
Google announced today on its security blog that a bug in the Bluetooth key has been discovered, but unless you're a world leader or spy agent, you probably don't have anything to worry about. The bug allows an attacker who is physically close to you (within 30 feet) to communicate with the device to which the key is paired, but only if you are pairing the key or signing into an account at the same time.
Google recommends Titan Security Key owners to continue using the keys as normal while the company sends out free replacements. On a related note, the kit was MIA on the Google Store for several months, but is now back in stock.
- Google Security Blog