ADVERTISEMENT

Digital wallets and the rise of the identity trojan

Just when we thought it was safe to open our wallets, here comes the identity trojan.

Identity trojan

Image by Cybernews / Shutterstock.

Susan Morrow
Susan Morrow Contributor
Nov 29, 2023 Updated: 29 November 2023 3 min read

Are identity wallets as good a target as mobile banking apps?

ADVERTISEMENT

Are there any safe identity havens?

  • Biometric authentication: Biometrics authentication springs to mind when considering mitigating a trojan's impact. However, the Android banking trojan, "SharkBot," found by the Cleafy Threat Intelligence Team in 2021, can take over a user's device and bypass multi-factor authentication mechanisms, including biometrics.
  • Mobile app shielding: involves using various code techniques, such as obfuscation and Runtime Application Self-Protection (RASP), to add complexity and detect and respond to attacks. However, bypassing RASP is possible, especially as ensuring that protection is consistent across all operating environments can be challenging. RASP may also find it difficult to inspect encrypted data, such as that found in identity wallets, preventing the detection of an attack.
  • End-to-end and storage encryption: this is security 101 and must be fundamental in any identity wallet. However, encryption is only as good as encrypted data's authentication and access control – see biometrics and Sharkbot above.
  • Auto-updates: again, security 101, and besides, the access control aspect overrides the protection afforded by timely patches.
  • Blockchain-based wallets: blockchain was the starting gun, making the noise needed to kick-start the identity wallet industry. Organizations like Sovrin developed a governance framework based on public blockchains to provide the backbone for decentralized self-sovereign identity: a laudable goal. However, blockchain doesn't offer any additional security against trojans. Once wallet credentials are compromised, the blockchain credentials are also at risk, and your data can be used to perform online transactions.

Your identity wallet or your life (or both)

ADVERTISEMENT