Google announced a recall of the Bluetooth Low Energy (BLE) version of the Titan security key because of a misconfiguration in the device's wireless pairing protocol. The error allows an attacker within approximately 30 feet to launch an attack while the Titan security key is communicating with the paired device. According to Google's official overview:
When you try to sign in to your account on your device, you will usually be asked to activate it by pressing the button on the BLE security key. An attacker approaching the distance at this time may connect their device to the affected security key before connecting your own device. In this case, if an attacker has somehow obtained your username and password and can accurately calculate these events, an attacker can log in to your account using their own device.
You must pair it with your device before using it. Once paired, an attacker who is in close contact with you can use their device to pretend to be the affected security key and connect to your device when you are asked to press a button on the key. They may then try to change their device to a Bluetooth keyboard or mouse and may perform actions on your device.
If you have a Titan security key on hand, you can check whether it is affected by looking at the back of the device. If you see "T1" or "T2", your key is affected and you are eligible for a free replacement. Since this error only affects Bluetooth pairing, the non-Bluetooth version of the security key is not affected.