PayPal files patent for new method to detect stolen cookies

PayPal has filed a patent application for a method of detecting stolen "super cookies," which could strengthen its cookie-based authentication mechanism and limit account takeover attacks.

PayPal wants to counter attacks in which an intruder steals the cookies that carry a user's authentication tokens and replays them to log into the account without entering valid credentials and without triggering two-factor authentication (2FA), since the session the cookies represent has already passed that check.

"Cookie theft is a sophisticated form of cyber-attack in which an attacker steals or copies cookies from a victim's computer into their web browser," PayPal's patent application states. These stolen cookies often contain hashed passwords or session tokens, so the attacker can impersonate the user or their authenticated device to gain access to secure information.

Unlike standard cookies, which live in the browser's cookie jar, the things commonly called "supercookies" sit outside it. Flash cookies are local shared objects (LSOs) stored by the Flash plugin, and unique identifier headers (UIDHs) are inserted into HTTP traffic at the network level by the user's Internet service provider (ISP); the two are distinct mechanisms. Both are used primarily for cross-site tracking, tracking users across browsers on the same device, collecting browsing activity data, and fingerprinting, and both are harder to detect and delete because they are not kept in the browser's standard cookie storage. The patent uses the term in a related sense: a cookie value that is replicated across several storage locations on the user's device, which is what the method described below relies on.

Super cookies

PayPal engineers have developed a method for calculating a fraud risk score within its cookie-based authentication mechanism in order to detect illegitimate login attempts. When it receives an authentication request from a user's device, the system identifies the various locations where cookies are stored on that device and sorts them "in order of increasing fraud risk."

"The cookie value for each storage location is retrieved from the device. The expected cookie value is calculated based on the cookie value from the previous storage location," the patent application says.

PayPal then evaluates the risk by comparing the expected cookie values with the values actually found in the device's storage locations. The authentication request is processed according to whether the discrepancy exceeds a pre-defined tolerance level for at least one of the storage locations. This lets the system handle each request accordingly: accept it, reject it, or activate additional security measures before approving the login attempt. The practical effect is that a thief who exports only the browser's cookie jar does not also carry the values kept in the other storage locations, so the chain fails to verify on the attacker's machine.

System logic

The resulting cookie values are then encrypted using a public-key cryptographic algorithm before being handed to the device.

The process of encryption and comparison of values

The company filed a patent titled "Identification of Super Cookies for Detecting Stolen Cookies" in July 2022, and it was published by the U.S. Patent and Trademark Office earlier this month.

In January, CloudSEK described a technique that abuses the functionality of Google's OAuth 2.0 implementation to compromise Google accounts. The "MultiLogin" attack uses an undocumented Google OAuth endpoint to keep a session valid by regenerating session cookies even after an IP address or password change.

Teacher, can you tell me how I can log in with PayPal logs?
Format:
email : password
I bought 50 logs.
When I log in, it asks for a phone number for verification to prevent fraud.
Thank you in advance.