AuthCode: Our award-winning continuous-authentication system, jointly developed with the University of Murcia

Tuesday, December 11, 2018

Continuous-authentication systems aim to identify users’ behavior through interactions with their device. The main advantage of this type of authentication is that it improves users’ experience when using services or apps of their mobile device, free from intrusions. Fruit of a joint research with the University of Murcia, we were able to develop AuthCode. This project reached such a stage of maturity that we could present it over the Security Innovation Day 2018. Furthermore, it has won several awards and prizes. Let’s explain what AuthCode is in further detail.

In most cases, continuous authentication avoids using passwords, access patterns, biometric recognition, etc. when the user wish to have access to an app or service requiring authentication. In this sense, permanent authentication increases users’ security regarding the operations executed on the device. Moreover, we can take advantage of this continuous trust status to make user app interactions much simpler and more fluent by doing so, users’ experience gets better.

The Framing Effect: you make your choices depending on how information is presented

Monday, November 26, 2018

The Framing Effect image

You have received an alert from cyber intelligence. A terrible and enormous cyberattack is approaching. You must ensure the protection of 600 positions within your organization. You don’t have much time, so you must decide on the implementation of one of two potential security programs, but the decision must be taken now!

Cyberintelligence Report: Global Banking Cyber Report

Thursday, November 22, 2018

As the world becomes more digital, new opportunities and threats arise and we tend to focus more on our daily business. As a result, when we are trying to develop a new product, website or application, we use to prioritize speed, convenience and ease of implementation over security.

ElevenPaths has conducted an analysis of 56 of the world's leading banks. This analysis is based on public archives, web applications and mobile applications from these banks and addresses three key aspects of cybersecurity:
  • Integrated security in mobile applications.
  • Metadata available in public documents.
  • The information we can obtain about service communications and their quality (i.e. open ports on servers, their vulnerabilities, etc.).

CapaciCard: an Elevenpaths' own physical technology materializing simple identification and authorization

Tuesday, November 20, 2018

Can you imagine to be able to authenticate or authorize a payment just by placing a plastic card on your mobile phone screen? (without circuitry, neither NFC connection nor additional hardware are required). So now try to imagine the same scenario but placing that card on a laptop touchpad. Over the last Security Innovation Day, we presented several technologies developed by our team, of which we are especially proud. Along this entry we will talk about CapaciCard.

CapaciCard, tecnología física de identificación y autorización de forma sencilla

m33tfinder: a vulnerability on Cisco Meeting Server detected by ElevenPaths

Friday, November 16, 2018

On November 7th, while we were holding our Security Innovation Day, Cisco published a security advisory with CVE-2018-15446 associated to a vulnerability on the software Cisco Meeting Server reported by our Innovation and Labs team. Such vulnerability could allow a remote attacker to gain access to sensitive information as well as to join those meetings held through this software. Cisco Meeting Server (previously named “Acano”), is a video conferencing software enabling users to held meetings through different clients, such as Cisco Jabber, Cisco Meeting App, Skype for Business or via WebRTC with a supported browser.

m33tfinder: a vulnerability on Cisco Meeting Server detected by ElevenPaths imagen