PayPal patents new system to detect the theft of “super-cookies”

2FA means nothing if your cookies are stolen


A new way to detect the theft of ‘super-cookies’ has been developed by PayPal, which has filed a patent on the method.

Super-cookies can contain authentication tokens used by two-factor authentication (2FA), and when stolen provide unbridled access to victims' accounts.

This bypasses any need to have the victim's username and password, and effectively renders 2FA useless.

PayPal protection patent

In the gritty details of the patent, PayPal details its method for detecting when super-cookies are stolen by hackers. The patented method can identify and modify the values of super-cookies using sequential encryption, and then compare the super-cookies across multiple storage locations depending on how likely they are to be used in fraudulent activity.

This level of risk is calculated from how vulnerable the super-cookie is in each particular storage location, and how likely it is for a hacker to target that particular storage location to steal the super-cookie.

Each device can have several storage locations, with each cookie’s value being generated based on the value of the location before it. The cookie-location risk-scores are compared to a risk-tolerance level, and if the score goes above the threshold it is detected as fraudulent.

This method helps to identify when a cyberattack is happening and prevent it, reducing the effect of the attack on both the individual and their accounts with organizations. The patent was submitted in July of 2022 and titled, “Super-Cookie Identification for Stolen Cookie Detection,” but was only published by the US Patent and Trademark Office in February this year.
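The chained values and risk comparison described above can be sketched as follows. This is an added example, not PayPal's implementation or code from the patent: HMAC chaining stands in for the "sequential encryption" the article mentions, and the location names, risk weights, threshold and scoring formula are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed storage locations, in chain order: (name, vulnerability, attacker_interest).
LOCATIONS = [
    ("http_cookie", 0.9, 0.9),
    ("local_storage", 0.7, 0.5),
    ("indexed_db", 0.3, 0.2),
]
RISK_TOLERANCE = 0.5  # assumed threshold, not a value from the patent


def derive_chain(key: bytes, seed: bytes) -> dict:
    """Derive one value per location, each computed from the value before it."""
    chain, prev = {}, seed
    for name, _vuln, _interest in LOCATIONS:
        prev = hmac.new(key, prev + name.encode(), hashlib.sha256).digest()
        chain[name] = prev.hex()
    return chain


def risk_score(key: bytes, seed: bytes, presented: dict) -> float:
    """Weight each missing or mismatched location by how hard it is to steal from."""
    expected = derive_chain(key, seed)
    failed = total = 0.0
    for name, vuln, interest in LOCATIONS:
        trust = 1.0 - vuln * interest  # low-risk locations carry more weight
        total += trust
        value = presented.get(name, "")
        if not hmac.compare_digest(value, expected[name]):
            failed += trust
    return failed / total


def is_fraudulent(key: bytes, seed: bytes, presented: dict) -> bool:
    """Flag the session when the score exceeds the risk tolerance."""
    return risk_score(key, seed, presented) > RISK_TOLERANCE


if __name__ == "__main__":
    key, seed = b"constructed-server-key", b"constructed-device-seed"
    genuine = derive_chain(key, seed)
    stolen = {"http_cookie": genuine["http_cookie"]}  # only the easiest location copied
    print("genuine flagged:", is_fraudulent(key, seed, genuine))
    print("stolen flagged:", is_fraudulent(key, seed, stolen))
```

In this sketch a session that presents only the value from the most exposed location is flagged, while a genuine device that has merely cleared that one location stays under the threshold.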

The increasing complexity of cyberattacks and the assistance of AI in attacks means that increasingly novel methods of detection and prevention are being developed by organizations. Whether this method will be used for PayPal customers remains to be seen.

Via Bleeping Computer

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
