Authentication Solution Battles Zeus-in-the-Mobile Attacks

Aug. 1, 2011

Confident Technologies, Inc., a provider of image-based authentication and verification solutions for websites and mobile applications, recently unveiled Confident Multifactor Authentication, a two-factor authentication system that delivers an image-based authentication challenge to users’ mobile phones. The San Diego-based company said that while many online businesses have started using two-factor authentication by sending authentication text messages to users’ mobile phones, cybercriminals are keeping pace using a variant of the noted Zeus malware to intercept and reroute authentication text messages. The company said its new solution provides a new and highly secure way to protect online businesses and their customers from fraud and Zeus-in-the-Mobile attacks, by securing the second factor and verifying that it is in fact the legitimate user in possession of the mobile device and not another person who is intercepting the authentication text messages. “Businesses are struggling to find a way to deploy strong authentication on public-facing websites without excessively burdening their customers,” said Curtis Staker, CEO of Confident Technologies. “It’s a step in the right direction that more websites are deploying two-factor authentication for users, but the common approaches including SMS and soft tokens, are not very secure. More than 160,000 mobile phones are lost or stolen each day in the U.S. alone and even more are infected with malware—giving someone other than the owner physical or virtual possession of the second factor. When authentication codes are clearly displayed in plain text in an SMS message or as part of a soft token on the phone, they add virtually no security because anybody with physical or virtual possession of that second factor device can read the code and use it to authenticate a fraudulent transaction.”