PayPal (NASDAQ: PYPL) has recently filed a patent for a groundbreaking method designed to detect the theft of “super-cookies,” aiming to strengthen security in cookie-based authentication systems and mitigate account takeover attacks.
This innovative approach seeks to address the cyberattack strategy in which hackers steal cookies, specifically those containing authentication tokens, from a user’s computer, giving them unauthorized access to victim accounts without valid login credentials and without having to pass two-factor authentication.
Why it matters: The initiative by PayPal underscores a growing concern within the digital security domain regarding the theft of cookies, a method that has become increasingly sophisticated over time. Super-cookies, unlike standard cookies, pose a greater threat due to their persistent nature and the difficulty in detecting and removing them. PayPal’s patent application not only highlights the vulnerabilities associated with these super-cookies but also proposes a strong solution to enhance security measures and protect user data from unauthorized access.
- Enhanced Security Measures: The system assesses risk by comparing expected cookie values with those retrieved from various storage locations on a device, processing authentication requests based on a predetermined fraud risk tolerance.
- Encryption for Safety: To prevent tampering, cookie values are encrypted using a public key cryptographic algorithm, ensuring that the cookies are used legitimately during the authentication process.
- Potential for Implementation: While the patent indicates PayPal’s proactive stance on cybersecurity, it remains to be seen how this technology will be deployed in consumer-facing applications.
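The comparison described in the first bullet can be sketched as a server-side check. This is an added illustration, not PayPal's patented method or code: the storage location names, the weights and the `tolerance`/`deny_above` thresholds are all assumptions, and the public-key encryption of the values is left out.

```python
import hmac
from dataclasses import dataclass, field

# Assumed weights: a wrong value is more suspicious than an absent one,
# because users clear storage but do not normally alter stored values.
W_MISMATCH, W_MISSING = 1.0, 0.5

@dataclass
class Decision:
    risk: float
    action: str
    mismatched: list = field(default_factory=list)
    missing: list = field(default_factory=list)

def assess(expected, retrieved, tolerance=0.25, deny_above=0.6):
    """Score an authentication request from per-location cookie values.

    expected:  {location: value} the server recorded for this device
    retrieved: {location: value} the client presented with the request
    """
    if not expected:
        raise ValueError("no expected values recorded for this device")
    mismatched, missing = [], []
    for loc, want in expected.items():
        got = retrieved.get(loc)
        if got is None:
            missing.append(loc)
        elif not hmac.compare_digest(got.encode(), want.encode()):
            mismatched.append(loc)
    risk = (W_MISMATCH * len(mismatched) + W_MISSING * len(missing)) / len(expected)
    if risk <= tolerance:
        action = "allow"
    elif risk <= deny_above:
        action = "step_up"  # hypothetical response: ask for re-authentication
    else:
        action = "deny"
    return Decision(risk, action, mismatched, missing)

# Constructed sample values and assumed location names, not real tokens.
EXPECTED = {"http_cookie": "a1", "local_storage": "b2",
            "indexed_db": "c3", "cache_tag": "d4"}

if __name__ == "__main__":
    cases = {
        "same device": dict(EXPECTED),
        "one store cleared": {k: v for k, v in EXPECTED.items() if k != "local_storage"},
        "only HTTP cookie replayed": {"http_cookie": "a1"},
    }
    for name, got in cases.items():
        print(name, assess(EXPECTED, got))
```

A request that replays only the HTTP cookie from another machine scores above the tolerance because the other locations come back empty, while a user who cleared a single store still passes.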
Go Deeper -> PayPal files patent for new method to detect stolen cookies – BleepingComputer
PayPal patents new system to detect the theft of “super-cookies” – TechRadar