Trust Stamp issues urgent warning regarding a newly discovered Trojan impacting iOS devices
Insights
The warning issued by Trust Stamp about the Trojan threats targeting financial institutions signifies a critical development in cybersecurity, with potential repercussions for the banking sector and its customers. The emergence of 'GoldDigger' and 'GoldPickAxe' Trojans indicates a sophisticated evolution in malware capabilities, particularly concerning because they target mobile devices which are increasingly used for banking transactions.
The implications of these Trojans are far-reaching. Financial institutions may need to invest in advanced cybersecurity measures, which can include real-time threat detection systems and enhanced customer verification processes that do not rely on potentially compromised biometric data. This could lead to increased operational costs and a need for continuous technological upgrades. In the short term, banks may face direct financial losses due to unauthorized account access, and in the long term there could be a loss of customer trust, which is critical for maintaining a stable customer base in the financial industry.
The announcement from Trust Stamp is likely to have a tangible impact on the financial performance of the company and potentially on the broader financial sector. Investors should be aware that cybersecurity threats like these can affect market perceptions of security in financial services, influencing stock prices of affected companies. Trust Stamp's role in providing AI-powered trust and identity services positions it as a key player in addressing these threats.
From an investment perspective, companies that offer solutions to combat such cybersecurity threats may see increased demand for their services, potentially leading to revenue growth. Conversely, financial institutions that fail to address these vulnerabilities could suffer reputational damage, customer attrition and declining share value. It is critical to monitor how these institutions respond to the threat and the effectiveness of their countermeasures.
The disclosure of the Trojans raises important legal considerations, particularly in the realm of data protection and privacy laws. Financial institutions are bound by various regulations to protect customer data, including the General Data Protection Regulation (GDPR) in Europe and similar laws in other jurisdictions. The theft of biometric data through Trojans like 'GoldPickAxe' could result in significant legal liabilities for these institutions.
Legal compliance and the potential for lawsuits become a concern for stakeholders. Institutions may need to review their data protection policies and ensure they are in line with the latest cybersecurity practices to mitigate risks. This could involve legal costs and potential settlements, which can have a substantial financial impact on the institutions. Furthermore, this situation highlights the importance of having robust incident response plans and the potential legal ramifications of failing to adequately protect customer data.
Trust Stamp issues an urgent warning regarding a newly discovered Trojan impacting iOS devices (as well as a predecessor Trojan impacting Android devices), with both being used to commit thefts from financial institution accounts
Atlanta, GA, Feb. 16, 2024 (GLOBE NEWSWIRE) -- Trust Stamp (Nasdaq: IDAI), the Privacy-First Identity Company™, providing AI-powered trust and identity services to global customers in both the governmental and private sectors, issued a warning to financial institutions and their customers regarding the emerging dangers of Trojans that are being used to gain unauthorized access to bank accounts.
In October of 2023 Group-IB (https://group-ib.com) researchers released a report regarding a newly discovered Android Trojan which they named “GoldDigger”. Subsequent to that report, Group-IB’s threat intelligence unit identified a cluster of aggressive banking Trojans targeting the APAC region. On February 15, 2024 Group-IB announced the discovery of “GoldPickAxe”, the first known iOS Trojan harvesting facial biometric data used for unauthorized access to bank accounts.
Scott Francis, Trust Stamp’s Chief Technology Officer, commented, “Although these specific Trojan attacks currently appear to be confined to the APEC region, cybercrime is global and we have to assume that these attacks will spread very quickly. With fast-evolving attacks such as these Trojans, being a good steward of biometric data demands systems that do not require that data to be stored on potentially vulnerable devices. Until the emergence of these Trojans, we worried about Android vulnerabilities, and iOS device security was treated as unquestioned, but now that has to be reconsidered.”
Scott Francis went on to say, “The work of organizations such as Group-IB is critical to countering sophisticated cybercriminals. As a D-Seal labeled company, we take data security and responsible use very seriously and we have developed AI-powered, privacy-centric systems to counter attacks such as those implemented by these Trojans. These include both our Stable IT2™ technology and biometric multi-factor authentication. The Stable IT2 is revolutionary in that it does not save or retain any biometric data anywhere, in addition to which, no identifying data is stored on the user device. As a biometric cryptographic system, it provides authentication without leaving biometric breadcrumbs that could later be used by criminals. Biometric MFA combined with device authentication not only uses biometric authentication with proof of life but also ensures that the user is in possession of the authorized device, disrupting the transaction flow utilized by the attackers behind these Trojans.”
Stable IT2 is a groundbreaking facial recognition technology designed for identity authentication, secure system access, and account protection. It derives a cryptographic token generated from a user’s facial biometrics to respond to cryptographic challenges and authenticate messages, enhancing security and user control over personal information.
At registration, Trust Stamp’s binding process combines a cryptographic key and biometric information to produce sketch and helper data that can be stored anywhere, including on edge wallets, mobile devices, or a distributed ledger. During authentication, the stable token is derived directly from a live scan of biometrics as opposed to storing the biometric template. The ultra-secure feature of Stable IT2 means that neither the secret nor the biometric information about the user is ever stored; therefore, it cannot be stolen. This process is highly efficient, providing quick and accurate identity verification, thereby reducing the risk of account takeover by attackers.
Dr Norman Poh, Trust Stamp’s Chief Science Officer commented, "When a financial institution adopts Stable IT2, Trust Stamp's technology integrates into their existing back-end system to overhaul the facial recognition process. During registration a user's facial image is captured – typically via a selfie video, and this process generates a unique stable cryptographic token from the user’s face using Trust Stamp’s proprietary algorithm. This token, with at least 128 bits of entropy derived from the user's facial data, is further diversified and then used for all subsequent identity verifications across different accounts. During the authentication process, the system does not compare raw biometric data or traditional templates. Instead, it attempts to generate the same unique, stable cryptographic token from another liveness-assessed probe biometric sample. Since only the registered user can reproduce this unique token, the technology can be used to prove the presence of the registered user over the internet remotely, using standard cryptographic protocols including public key infrastructure. In other words, this is an ideal zero-knowledge proof solution for remote identity proofing applications."
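The bind-then-regenerate flow described above can be illustrated with a textbook fuzzy commitment (code-offset construction with a repetition code). This is an added example, not Trust Stamp's proprietary algorithm or code; the function names, the bit-vector stand-in for a face scan and the choice of repetition code are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

REP = 7         # repetition factor: majority vote corrects up to 3 bit flips per group
KEY_BITS = 128  # token length, matching the 128-bit figure quoted above

def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def _token(key_bits):
    """Pack the key bits and hash them into a fixed-length token."""
    packed = int("".join(map(str, key_bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(packed).digest()

def enroll(bio_bits):
    """Bind a fresh random key to the sample; the key and bio_bits are then discarded."""
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in key for _ in range(REP)]
    helper = _xor(codeword, bio_bits)  # storable helper data (hypothetical format)
    return helper, hashlib.sha256(_token(key)).digest()

def reproduce(helper, probe_bits):
    """Regenerate the token from a fresh, slightly different sample."""
    noisy = _xor(helper, probe_bits)  # codeword XOR (enrolled XOR probe)
    key = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]
    return _token(key)

def verify(check, token):
    """Constant-time comparison against the stored check value."""
    return hmac.compare_digest(check, hashlib.sha256(token).digest())

def demo():
    rng = random.Random(2024)  # constructed sample data, not real biometrics
    n = KEY_BITS * REP
    enrolled = [rng.getrandbits(1) for _ in range(n)]
    probe = list(enrolled)
    for i in range(0, n, REP):  # genuine user: two noisy bits in every group
        probe[i] ^= 1
        probe[i + 3] ^= 1
    impostor = [rng.getrandbits(1) for _ in range(n)]  # unrelated sample
    helper, check = enroll(enrolled)
    return verify(check, reproduce(helper, probe)), verify(check, reproduce(helper, impostor))
```

Only `helper` and `check` persist after enrolment; a production scheme would use a far stronger error-correcting code than the repetition code shown here.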
Enquiries
Scott Francis, Chief Technology Officer: sfrancis@truststamp.ai
Norman Poh, Chief Science Officer: npoh@truststamp.ai
About Trust Stamp
Trust Stamp, the Privacy-First Identity Company™, is a global provider of AI-powered identity services for use in multiple sectors, including banking and finance, regulatory compliance, government, real estate, communications, and humanitarian services. Its technology empowers organizations with advanced biometric identity solutions that reduce fraud, protect personal data privacy, increase operational efficiency, and reach a broader base of users worldwide through its unique data transformation and comparison capabilities.
Located across North America, Europe, Asia, and Africa, Trust Stamp trades on the Nasdaq Capital Market (Nasdaq: IDAI). The company was founded in 2016 by Gareth Genner and Andrew Gowasack.
Safe Harbor Statement: Caution Concerning Forward-Looking Remarks
All statements in this release that are not based on historical fact are “forward-looking statements” including within the meaning of the Private Securities Litigation Reform Act of 1995 and the provisions of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. The information in this announcement may contain forward-looking statements and information related to, among other things, the company, its business plan and strategy, and its industry. These statements reflect management’s current views with respect to future events based on information currently available and are subject to risks and uncertainties that could cause the company’s actual results to differ materially from those contained in the forward-looking statements. Investors are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. The company does not undertake any obligation to revise or update these forward-looking statements to reflect events or circumstances after such date or to reflect the occurrence of unanticipated events.