Image-Based ‘Kill Switch’ Used To Foil Hackers

Confident Technologies claimed its latest authentication technology can prevent hacking attempts while they are happening.

The new product, Confident KillSwitch, identifies and protects against “brute force” attacks on account log-ins, password-reset processes, transaction verifications and other authentication requests, Confident Technologies said on 24 August. The technology relies on encrypted images and works with the company’s other authentication products.

Brute force attacks

“Brute force” attacks simply keep trying different log-in passwords until the attacker happens to get it right. Attackers often use a dictionary of common or weak passwords and high-powered computer systems, such as cloud computer resources, to rapidly try many password combinations until the password is broken.

Confident KillSwitch is an add-on image-based authentication technology designed to defend user accounts and websites from brute-force log-in attempts. Attackers often automate this process, running a script to try all possible combinations to identify the correct password.

Sites that don’t automatically lock out an account after too many incorrect attempts are particularly vulnerable to brute-force attacks since the script can continue trying out password guesses until it succeeds.

“Today’s most common attack methods are still quite basic: keyloggers that steal a person’s user name and password, brute-force dictionary attacks on the log-in, or simply guessing people’s weak passwords and PINs,” said Curtis Staker, chief executive of Confident Technologies.

In a recent Cambridge University survey of 150 popular websites, more than 126 sites, or 84 percent, were found to not restrict the number of failed log-in attempts. The list included Amazon, eBay and WordPress.

Failed attempts

Since many people have a hard time remembering their passwords, they keep trying until they get it right. “Most websites allow far too many failed authentication attempts because they can’t tell if it’s a legitimate user who has forgotten their password or if it’s a criminal attempting to break into the account,” Staker said.

More than half of major data breaches in 2010 were the result of attackers using brute-force software, which relies on a dictionary database to exploit weak passwords, according to Verizon’s 2011 Data Breach Investigations report.

KillSwitch lets network managers tell the difference between legitimate log-in failures and an attacker trying randomly generated passwords, Confident said.

To log on to a site deployed with Confident’s technology, the user has to choose a sequence of encrypted images to create a unique one-time password. During registration, the user selects several categories in a certain order, such as fruit, animal and car. During the log-in process, the user is not asked to select the same image each time since it varies each time. Instead, the user selects images that fit that secret category sequence, such as selecting an apple, dog and a Jeep for one log-in, and a banana, cat and a Porsche at a later time.

‘No pass’ images

With KillSwitch, the user is asked during registration to block two categories that will never be used. If a third-party trying to figure out the user’s image sequence accidentally selects an image that is in the “no pass” category, then the system sends out an alert to the network administrator to warn about a possible breach and collect information about the attempt, such as the attacking IP address, behavioral biometrics and geographic location.

Confident KillSwitch is cloud-based and can be integrated with any of Confident’s image-based authentication products for websites, mobile applications and mobile devices, the company said.

With the spate of data breaches and increased hacking in 2011, the market is flooded with products promising to foil attackers. Network forensics tools track down everything attackers are doing on the network, and sophisticated security information and event management (SIEM) systems correlate logs and identify anomalies. New network-monitoring tools designed to identify botnet traffic from all the other web traffic help administrators find and shut down infected systems.