According to a recent research paper, Google's two-factor Titan Security Keys are vulnerable to an attack that ultimately results in key duplication or cloning. That comes courtesy of a so-called side-channel vulnerability in the chip powering the 2FA key itself, and exploiting it requires your login credentials, physical access, full disassembly of the key, hours of work, and an estimated thousands of dollars in resources and equipment to reverse-engineer its cryptographic key; even then, the resulting clone would be foiled by the U2F standard over the long term anyway. In short: there's not much for most of our readers to worry about.

The full details are available in the 60-page PDF published by the researchers at Ninjalab, but the ultimate issue stems from Google's use of the NXP A700X chip in the security keys, which holds the private key used to sign authentication challenges — in other words, the secret bits inside the two-factor key that prove it's yours when you use it. While the chip itself isn't directly vulnerable to attack, a so-called "side-channel attack" can indirectly extract that key through observation — as in, the researchers repeatedly use the key and observe the electromagnetic emissions from the secure element to deduce the private key inside it.

From that, attackers can create a hardware copy, something the FIDO U2F protocol should make impossible. It reportedly requires thousands of dollars of hardware to do, and attackers need your login credentials in addition to the hardware key, which must also be disassembled and observed during use for a decent chunk of time. Though it took researchers around ten hours between disassembly, observation, and reassembly, they suggest the time could be trimmed down if the attack became more sophisticated.

Other hardware keys from companies like Feitian and Yubico that use the same chip may also be vulnerable to this attack. That includes the popular but discontinued Yubikey Neo. NXP and Yubico are both aware of the security researchers' claims, according to statements provided to Ars Technica, and neither disputes the details of the vulnerability. The full list of affected devices noted by the researchers is just below:

  • Google Titan Security Key (all versions)
  • Yubico Yubikey Neo
  • Feitian FIDO NFC USB-A / K9
  • Feitian MultiPass FIDO / K13
  • Feitian ePass FIDO USB-C / K21
  • Feitian FIDO NFC USB-C / K40
  • NXP J3D081_M59_DF and variants
  • NXP J3A081 and variants
  • NXP J2E081_M64 and variants
  • NXP J3D145_M59 and variants
  • NXP J3D081_M59 and variants
  • NXP J3E145_M64 and variants
  • NXP J3E081_M64_DF and variants

Security standards at many venues consider a loss of physical access to constitute an immediate loss of security anyway, and two-factor keys can be easily revoked, assuming you know you've lost possession of them. However, the window for this attack is short enough that it could happen before you're aware the key has been taken and replaced. Importantly, though, the U2F standard also means this sort of attack should only work for a short period. That's because each authentication response also includes a counter of how many times the key has been used with a service, and the counters of the original key and the clone eventually won't match. Venues that follow U2F standards will then lock out both keys when they observe a discrepancy, and Google tells Ars that it does follow those standards.
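To make the counter rule concrete, here is an added example (not code from Ninjalab, Google, Yubico or any FIDO library) that simulates one relying party checking the U2F signature counter against a victim's key and a clone of it. The key, the clone and the server are all in-process stand-ins with constructed counter values; no real signatures are produced or verified, and the clone is assumed to start from the counter value it was copied at.

```python
"""Relying-party signature-counter check, modelled on the U2F/WebAuthn rule
described above. Added example, not code from any FIDO implementation."""

from dataclasses import dataclass, field


@dataclass
class SimulatedKey:
    """Stand-in for a hardware key: only the signature counter is modelled."""
    label: str
    counter: int = 0

    def sign(self) -> int:
        # A U2F authenticator increments a monotonic counter for every assertion
        # and includes it in the signed data. A clone starts from whatever value
        # it was copied at (assumption) and then advances on its own.
        self.counter += 1
        return self.counter


@dataclass
class RelyingParty:
    """Server-side record for one registered credential."""
    last_counter: int = 0
    locked: bool = False
    log: list = field(default_factory=list)

    def authenticate(self, key: SimulatedKey) -> bool:
        if self.locked:
            self.log.append(f"{key.label}: rejected, credential is locked")
            return False
        seen = key.sign()
        # The rule the article describes: a counter that does not move forward
        # means more than one device is producing assertions for this
        # credential (original plus clone), so the credential is locked out.
        # (WebAuthn treats a stored and received counter of 0 as "counter not
        # supported"; this simulation always uses a counter, so that case
        # never arises here.)
        if seen <= self.last_counter:
            self.locked = True
            self.log.append(
                f"{key.label}: counter {seen} <= stored {self.last_counter}, lockout"
            )
            return False
        self.last_counter = seen
        self.log.append(f"{key.label}: accepted, stored counter now {seen}")
        return True


def simulate_clone_detection() -> dict:
    """Run the victim's key and a clone of it against one relying party."""
    rp = RelyingParty()
    victim = SimulatedKey("victim key")
    # The owner used the key a few times before it was cloned (constructed).
    for _ in range(3):
        rp.authenticate(victim)
    # The clone carries the same credential and a counter snapshot of 3.
    clone = SimulatedKey("cloned key", counter=victim.counter)
    first_clone_login = rp.authenticate(clone)  # counter 4 > 3: accepted
    owner_next = rp.authenticate(victim)        # counter 4 <= 4: lockout
    clone_after = rp.authenticate(clone)        # credential already locked
    return {
        "first_clone_login": first_clone_login,
        "owner_next": owner_next,
        "clone_after_lockout": clone_after,
        "locked": rp.locked,
        "log": rp.log,
    }


if __name__ == "__main__":
    for line in simulate_clone_detection()["log"]:
        print(line)
```

The first login from the clone is accepted, which is exactly the "short period" the article refers to; the lockout only triggers once the legitimate key (or the clone) presents a counter the server has already seen. A service that ignores the counter field never detects the divergence, which is why Google's statement that it follows the standard matters.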

Google reportedly doesn't even offer a bug bounty for physical attacks like this — though that policy is stated for its Google Play program, other programs this would seem to fall under don't mention it.

It remains to be seen how Google or NXP plan on addressing this issue in the long-term — both when it comes to addressing keys already in the wild and mitigating or circumventing attack vectors in the future. (Perhaps better shielding inside the chip's potting? Or obfuscating the chip's internal operations in future software to impede radio analysis?)

Also note, this isn't the same "Titan" chip Google uses in other security settings, like the Titan M on its Pixel phones. While the company likes throwing around the name wherever security is important, it has no real meaning or consistency when it comes to actual hardware.

This actually isn't the first time Google has run into vulnerability issues with its Titan security keys. The original Bluetooth Titan key also had a flaw that resulted in free replacements being issued. But, so long as someone doesn't actually gain access to your key (and your account credentials), this new vulnerability probably won't be an issue for most of our readers, and you're still way better off than not having a 2FA key at all, or relying on SIM-swap vulnerable SMS-based 2FA. Folks that could be subject to a directly targeted attack, though, may consider changing keys.

Source: Ninjalab (direct download warning)

Via: Ars Technica