PayPal has filed a patent for a new method for detecting stolen cookies

Teacher

The company introduced "smart" protection against hacking through super-cookies.

PayPal has proposed a new way to combat account hijacking via super-cookies, which will significantly increase the security of authentication via cookies and reduce the risk of attacks on user accounts.

The company aims to prevent hackers from stealing cookies with login details that allow access to other people's accounts without a password and bypass two-factor authentication (2FA).

PayPal's patent application states that cookie theft is a sophisticated form of cyberattack in which an attacker copies cookies from the victim's computer to their browser. Captured cookies often contain hashed passwords, allowing an attacker to impersonate a user and gain access to protected account information without having to enter credentials.

Unlike standard cookies stored locally, super-cookies (flash cookies) are inserted at the network level as unique identifier headers (UIDH) by the user's Internet service provider. Super-cookies are harder to detect and remove because they are not stored in the browser's standard cookie storage location.

Super-cookies are used to track user activity on various sites and devices. They can collect data about pages visited and Internet activities, creating a unique fingerprint of the device.


System logic of the new PayPal method

PayPal engineers have developed a method to assess the risk of login fraud by analyzing information from different places where cookies are stored on the device. The system compares expected and actual cookie values, assigning a risk score to each authentication request. Depending on the rating, the request may be accepted, rejected, or require additional security measures. To ensure data protection, information from cookies is encrypted using modern cryptographic methods.

The patent was filed in July 2022, but was not published until February 1. While the patent does not guarantee that it will soon be implemented in products for users, it demonstrates that PayPal takes security seriously and is committed to developing new ways to protect against unauthorized access.
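
The comparison of expected and actual cookie values described above can be illustrated with the following added example. It is not PayPal's implementation and not code from the patent application; the storage-location names, weights, thresholds, demo key and the use of HMAC to derive the expected values are all assumptions.

```python
import hashlib
import hmac

# Assumptions for illustration: location names, weights, thresholds, demo key.
SERVER_KEY = b"constructed-demo-key"
WEIGHTS = {"http_cookie": 50, "local_storage": 30, "network_header": 20}
STEP_UP_AT, REJECT_AT = 30, 70


def expected_value(account_id: str, device_id: str, location: str) -> str:
    """Value the server expects to find in one storage location of a known device."""
    msg = f"{account_id}|{device_id}|{location}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def risk_score(account_id: str, device_id: str, presented: dict) -> int:
    """Add a location's weight when its value is missing or differs from the expected one."""
    score = 0
    for location, weight in WEIGHTS.items():
        actual = presented.get(location, "")
        expected = expected_value(account_id, device_id, location)
        if not hmac.compare_digest(actual.encode(), expected.encode()):
            score += weight
    return score


def decide(score: int) -> str:
    """Map the score to accept, extra verification (step_up), or reject."""
    if score >= REJECT_AT:
        return "reject"
    if score >= STEP_UP_AT:
        return "step_up"
    return "accept"


def enrolled_device(account_id: str, device_id: str) -> dict:
    """Constructed sample: what a genuinely enrolled device would present."""
    return {loc: expected_value(account_id, device_id, loc) for loc in WEIGHTS}


if __name__ == "__main__":
    full = enrolled_device("acct-1", "dev-A")
    copied = {"http_cookie": full["http_cookie"]}  # only the browser cookie is present
    for name, req in (("enrolled", full), ("copied cookie", copied), ("empty", {})):
        s = risk_score("acct-1", "dev-A", req)
        print(f"{name}: score={s} decision={decide(s)}")
```

A request that carries a valid browser cookie but none of the values from the other storage locations scores in the middle band, so it is sent to additional verification instead of being accepted outright.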