On Thursday, Google started selling its own Titan Security Keys on the Google Store; hardware tokens that offer more robust two-factor authentication than a text message or smartphone app. Rather than just providing a password, which a hacker may be able to phish or otherwise obtain, users have to also plug a security token into their computer, or place it close to their phone when logging in.
But several senior security experts, including the former chief information security officer (CISO) of Facebook, are concerned about the devices, with some pointing to how the keys are actually produced by Feitian, a Chinese company. Multiple experts talking to Motherboard called for Google to be more transparent around these keys, amidst pressing, albeit currently unsubstantiated, concerns they could be leveraged by the Chinese state to hack users.
“I think it would be great if they documented their supply chain process,” Alex Stamos, Facebook’s former CISO and now at Stanford University, told Motherboard.
Hardware security tokens are used for locking down online accounts, such as email or cloud storage. Several different companies provide such tokens, and Google has previously said security keys are the reason none of its over 85,000 employees have been successfully phished since early 2017.
But the Titan key isn’t really made by Google, at least exclusively. Google confirmed to Motherboard that Feitian does make the keys, and that Google does not see an issue with working with them. Legally, Google is the manufacturer, but the company contracts with the third party to produce the keys, Google said. That Chinese link is what concerns multiple, senior security staff, though.
“The supply chain in China often is dictated by government policy,” the head of a security team based in a global, multi-billion dollar company said. Motherboard granted the source anonymity because they were not authorized to talk to the press. Generally speaking, one concern is that the Chinese government could potentially force Feitian to introduce some form of backdoor into the devices, or intercept the keys themselves and tamper with them, allowing the government to then access accounts of targets, for instance. (On a related note, in a tweet Stamos pointed to backdoors the NSA introduced into products from Cisco).
Google emphasised to Motherboard how the firmware improves the security of its Titan keys. As Jennifer Lin, Google’s director of product management, GCP security and privacy wrote in a blog post in July, the keys include firmware developed by the company to verify its integrity, and make sure it hasn’t been tampered with. This, Google told Motherboard, is what the company believes Titan keys offer over the rest of the market. Google builds the firmware into a chip in a trusted environment, and then ships that off to the producer, the company said. This firmware also means you don’t necessarily have to trust the manufacturer, Google believes.
“The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material,” Google’s Christiaan Brand, product manager for Google Cloud, wrote in Thursday’s blog post. “These permanently-sealed secure element hardware chips are then delivered to the manufacturing line which makes the physical security key device. Thus, the trust in Titan Security Key is anchored in the sealed chip as opposed to any other later step which takes place during device manufacturing,” he added.
This isn’t enough for some experts, though.
“I want to know what changes they made to the Feitian firmware, or if they wrote the firmware from scratch. If from scratch, I want to know what steps they took to ensure a secure outcome,” Dan Guido, CEO of cybersecurity firm Trail of Bits, told Motherboard in an email. Guido said the firmware on most keys is not upgradeable, meaning that vendors have to get it right the first time. But he would want to know if Google did add an update feature, and would still “probably avoid using or recommending it if so,” Guido wrote. (In a follow-up, Google said it wrote the firmware).
“I should not have to wait until Black Hat next year to find answers to these questions from an unaffiliated third-party,” he added.
Other security token companies say they manufacture their products in the US and Sweden, and that their firmware can not be updated.
Google declined to get into more specifics on the Titan keys.
Stamos, the former Facebook CISO and Stanford professor, tweeted on Thursday, “I’m not recommending the Google keys.”
Update: This piece has been updated to include additional information from Google.