Cloning Google’s Titan Key to bypass 2FA – Research


The attack requires the attacker to have physical access to the victim’s Titan Key, hours of time, and side-channel setup equipment worth €10,000 ($12,000 – £9,000).


Most of you may have heard about the benefits two-factor authentication (2FA) offers. Many of you may even be using it, receiving a one-time code via SMS or email when signing into various websites.


However, a less commonly used form of 2FA relies on physical keys, which makes authentication more robust and less vulnerable to attacks such as SIM swapping.


In the latest development, NinjaLab researchers have devised a new method to bypass Google’s Titan Key, a physical 2FA key, by cloning it.




The method requires the attacker first to know the victim’s password and second to have access to the key itself for about 10 hours. Equipment worth $12,000 and special software are also needed for a skilled actor to execute the attack.

Explaining the technicalities, the researchers state in their report [PDF] that,



The plastic casing [on the Titan key] is made of two parts which are strongly glued together, and it is not easy to separate them with a knife, cutter or scalpel. We used a hot air gun to soften the white plastic, and to be able to easily separate the two cas ..
