December 13, 2012
Zitmo Trojan Variant Halted by TextKey's Two-Factor Verification
TextPower recently refuted the fact that the Zitmo Trojan Variant Eurograbber can overcome all two-factor authentication. Textpower referred to its innovative TextKey authentication service, which leverages a cell phone's unique identifier and uses it as its "fingerprint" to validate a website user via a simple text message instead of a Web browser.
TextPower is a specialist in innovative text messaging software solutions for enterprises.
Banking customers across Europe have lost millions while transacting on the net due to the Zitmo Trojan. This specific version attacked Android (News - Alert) and Blackberry devices by overcoming the ordinary forms of two-factor verification.
All browser communication during the verification process is avoided by TextKey's patent-pending technology, eliminating man-in-the-middle (MITM) or man-in-the-browser (MITB) attacks on mobile device users.
In a statement, Scott Goldman, CEO at TextPower said, "There are several two-factor authentication methods used to protect web sites, but those that allow any form of data entry on a web browser page are vulnerable to a MITB/MITM attack. To eliminate this angle of attack, you must eliminate any method that involves the browser. A secure server-to-server connection between an authentication service and the web site is the simplest and most straightforward approach to do this. TextKey uses exactly that type of connection, completely circumventing any browser involvement to eliminate threats from any MITB/MITM attacks."
In contrast to other two-factor verification processes, the user can clearly view TextKey's authentication code on their mobile screen when they enter their correct ID and password. The TextKey cloud-based authentication system expects this code to be sent through an SMS from the registered mobile number for the particular ID. A hacker therefore cannot track or capture information on the website’s page. It is also very easy to deploy TextKey verification as no additional hardware or software is needed on the server running the website.
The ease of a soft token that can defy browser-based attacks is only available with groundbreaking two-factor authentication services like TextKey.
An organization can now set up an account with a TextKey mechanism on the website in a rapid and simplified manner. The server hosting the website needs to additionally only store the user’s mobile number apart from the existing ID and password.
Looking to grow your channel opportunities? Then be sure to attend Channel Vision Expo (CVx), collocated with ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at Channel Vision Expo. Follow us on Twitter.
Edited by Braden Becker
Related content you may also be interested in…