To prevent the theft of “super-cookies”, Paypal files a patent

PayPal is innovating in the fight against data theft with its recent patent filing to identify the theft of precious “super-cookies”.

PayPal, which recently laid off 2,500 of its employees, intends to remain the world leader in online payments and is taking a new step in digital security by filing a patent for a new method for detecting the theft of “super-cookies”. The latter, persistent tracking files, are increasingly exploited by cybercriminals. PayPal’s new approach promises to bring increased protection to users, underscoring the company’s continued commitment to data security in the ever-changing digital landscape.

Titled “Super-Cookie Identification for Stolen Cookie Detection,” the patent was filed in July 2022 and recently published by the United States Patent and Trademark Office. Although the implementation of this technology in the consumer domain remains uncertain, the patent highlights the growing importance of developing new protection mechanisms against the theft of web cookies to prevent unauthorized connections.

Cookies VS super cookies

Unlike standard locally stored cookies, super cookies, also known as “Flash cookies”, take the form of local shared objects (LSOs) injected at the network level as headers. unique identifier (UIDH) by the user’s Internet service provider (ISP).

These super-cookies are primarily deployed for cross-site tracking, allowing users to be tracked across various browsers on the same device. Their function extends to collecting data on browsing activity, while serving as persistent “fingerprints” of the device.

In its patent application, Paypal engineers explain what hackers could do if they had these super-cookies in their hands. “With stolen cookies often containing hashed passwords, the attacker can use a web browser on the attacker’s computer to impersonate the user (or their authenticated device) and access secure information associated with the user’s account. user without having to manually log in or provide authentication information.

Due to their unconventional location in browser cookie storage, super-cookies present increased complexity in terms of detection and deletion.

The method

PayPal engineers have developed a method to assess the risk of fraud in the cookie-based authentication system, aimed at detecting fraudulent login attempts on the electronic payments platform.

“ Cookie theft is a sophisticated form of cyberattack, in which an attacker steals or copies cookies from a victim’s computer to the attacker’s web browser “, explains PayPal.

When an authentication request is received, the system ranks cookie storage locations on the device “in order of increased fraud risk.” It extracts cookie values ​​from each location, calculating an expected value for each location based on the previous cookie value.

Depending on the risk assessment, the system adapts the handling of authentication requests, whether by accepting them, rejecting them or triggering additional security measures to approve or reject the connection attempt.

In order to strengthen security against tampering, the retrieved cookie values ​​undergo an encryption process, using a public key cryptographic algorithm.

Ultimately, the system evaluates a risk score by comparing the expected values ​​with those assigned to the device’s storage locations.

Source: BleepingComputer