[TechTalk] Researchers Say Hackers Can Clone Google Titan 2FA Key

Researchers at NinjaLabs have figured out how to clone a Google Titan 2FA Key. It only requires a few easy steps:

  1. Steal the key for at lest ten hours
  2. Use a scalpel and hot air gun to expose the NXP A700X chip.
  3. Connect chip to special hardware and software to analyze electromagnetic signatures
  4. Exploit side channel attack
  5. Take ten hours to extract a single key or 16 hours to clone to keys or 22 hours for 3 keys. Time consuming!
  6. Have 12,000 USD + in equipment and sophisticated software and background in electromagnetic engineering.

Since all of this is no simple walk in the park only a very serious well resourced attacker or more likely a Nation State could likely pull this off. Google said they weren’t paying a bounty since the key had to be stolen and then taken to a location to perform the sophisticated software analysis and swapped back before someone realized it was gone:) But you can read about the exploit here.

This could be of concern to diplomats, journalists and others who might be considered a high value target worth the effort.


Privacy Policy | Terms of Service