What is Google Titan?
Titan is Google’s hardware security keys that provide two-factor authentication (2FA) for web users. It launched in July 2018, Google provides the Titan key for accessing your Google accounts, but you can also use it with other accounts that support the FIDO U2F standard for hardware keys.
Google has issued a security bug with Bluetooth law energy (BLE)Titan secret keys. The problem, however, is that Google misconfigured the BLE implementation, so it was insecure. It allows a so-called Man in The Middle (MiTM) attack, in which someone could get between your Titan key and the device it’s communicating with. That person could then intercept communications from the key and use them to sign in as you.
The second possible case is that when you pair a key for the first time, an attacker could “masquerade as your affected security key and connect to your device,” and then do the same things on your device that other Bluetooth devices can do, like act as a keyboard or mouse.
Google is now offering free replacement of Titan key because of the vulnerability.