Thursday, October 3rd, 2013 - CryptoPhoto
Queensland company CryptoPhoto has launched the world’s first hacker-resistant service to provide protection against common practices that expose online users to identity theft and cybercrime.

The CryptoPhoto service requires the website to authenticate itself to the user during the login process, by using random photos on the user’s mobile phone.

Noosa-based inventor and security specialist Chris Drake warns that existing systems can be hacked or bypassed -- even biometrics, as demonstrated by this week’s embarrassing hack of the TouchID fingerprint sensor on the new iPhone 5s, which prompted a German hacking group to state "Biometrics (is not designed) for securing everyday device access."

Standard two-factor authentication using SMS, and other services such as RSA tokens that generate random codes, are equally unsafe, with Telstra* saying that SMS should not be used for transmitting codes.

“CryptoPhoto makes use of random unique images and the user’s phone to prevent victims falling prey to phishing, malware, imposters, and all other common attack techniques,” Drake said.  “Unlike our competitors, we literally block phishing. Potential victims cannot be tricked into revealing passwords - not by web sites, not by phone calls, and not in person.”

CryptoPhoto, which was granted a worldwide patent last year, solves the problem of password cracking and phishing by using a single click on an image on the user’s phone to validate the login details.

“It's a radical approach – we’ve turned authentication backwards – instead of just you proving to the website who you are, the CryptoPhoto-protected website proves itself to you at the same time as you log in – no one’s done that before.”

Drake says that the industry cannot continue to blame “stupid users” in our complex world. 

“There is a lot of psychology in hacking and it happens both online and offline. People cannot be expected to remember hundreds of logins, and infallibly recognize every attack attempt they encounter,” he says.

“Without wanting to sound harsh, the security industry is full of thieves, crooks and liars – they are the snakeoil merchants of our time, hyping up the irrelevant threats they address, and burying all mention of their wide range of vulnerabilities.  It is making the web a very dangerous place to be, yet most of us must participate.

“Everywhere there is an innocent user who has forgotten a password or lost a security token, there’s also a hacker stealing identities, information, and money by pretending to be that innocent user.”

CryptoPhoto is designed as a solution for website owners that want to comprehensively protect their users – typically banks, government agencies, ISPs, domain registrants, website hosting providers and cloud services.

*Telstra declares SMS unsafe: http://www.itnews.com.au/News/322194,telcos-declare-sms-unsafe-for-bank-transactions.aspx