**** *******, ******* [**** ** ****** *********], aims ** ********* *********, ********* **** **** patterns.
******** **** ********* *** *****, ** simple *********, **-**** *********, ***** ***** attacks ** *********, ***. ****** *********** problems.
*** *** '********' *** **** *******?
****** **** ******, ** ***** *** test ******** ** *******'* ********.
Uses ********, *** *******
****** **** * ***** ******** ** PIN,*********** * ****** ** ******** ******* that ********** ** ***** ** *** display. ** ***** *********, *** **** types ** *** ******** ******* ********* the ***** ** * ******** ******* they **** ********** *******.
*** ********* ***** ***** ******* ********* and ***** ** *** ******** ***** composing * ******* ********:

*** *** ** *** *******'* ********, is **** ****** ********* **** *** entirely ********* *******. *** ********* ********* / shifts ******* ***** **** ********* **** the ****** ** *****:

******* ****** **** *** ****** ****** '2.1 ******* ******** ******** ** *** 6x6 ****** (** *** *** *** cell *****)', *** **** ** '**** if ******* ***** *** **** *******, your *********** ** ******* *** ****-**** will ** *********', ********* ** * higher ********, ****** *** '****' ******* of * ********.
********** * *******, ** ********** * PIN *** **** ******, ******* ******* or ******** ******* ** ***** **. In *** **** ** *******'* **** website, **** **** * ***** **** where ***** ***** * *** *******.
Overview *****
** *** ***** *****, ** **** how Shayype ***** *** *** ** ** ********* than ******** ***** **************:

Claimed **********
******* ****** **** ******* *** **** codes ****** ** ****** *** ********** patterns ** ******* *** *** **** to *****, ***** ****** ** **** secure. ** ******** ** *** ******* defining *** ********, ******* ****** ******* other ********** **** ******** *********, *********:
- ** ****** '*****': **** *******, ***** ** *** need ** ***** *** ******, ** fixed ******* ******* ** ***** * code, *** **** *** *** ******* with ***** **** *** ***** ** using * ******** ******. **** ** different **** *********** ******* ***** **** time, ********* *** ** **** ******** buttons *** ****** ****** ** ****, 'telling' ********* ******* ***** ******* *** used *** ***** ******. *******'* *** screen *** * **** ** ******* buttons ** *** **** **** ** not **** ******* ******** ** **** of *** ******* ***** ****.
- ****-**-*****: ** *** ********* ****** *** between * - *, **** ***** is ******** ******** ***** ** *** matrix, ******* ************ *******. ** ******* sees * **** ***** *******, ** could *********** ** ******* ********* ********.
- ******* ************: **** ** ***** ****** ****** patterns, **** '*- ******' ** '**** corners', *** ***** *** ******* ** entered **** **** ** *****, ** moving **** *****-**-****, ** ******* * gap, ** ******** *** **** **** twice **** ** *** ********* ** a ******** ****** ** ******. ********, key ******* ** ****** ********* *** useless ** **********, ** *** ****** they ******* ** **** ******** ** a ******** ******* *** ********* *********.
Online ****
*** ******* ***** *'***** ** *******' ******* ***** *******. **** ***** ****** email *********, ******* ******* ** ******* page ********** *** *** *** *** ******** are ********** *** *** *** ****** ***** themselves.
***********
*** *** ******* ********, *******'* ****** does **** *********, ********** *** *** physical ******** ******. *** *** **** include:
- ** ******* ***: ******* ** ***** ** **** with * **** ***** ***-****** **********, and *** *** *** **** ******* or ******** ** ** *** ********. While * ********** ****, *** ******** lacks *** ******* *** *** ******* lacks ********** ** ********** *** *** production.
- ******** ***** ********: ***** **** ********* ** ******* than ****, ******* ******** *** ***** be ********* ** ******** *** *** given ** ************ *****. **** ***** that ************* ******** ** ***** *** be *******, *** ********* ********** ***** can ***** ***** ***** *****.
- *****-***** ****: ******* ** ***** ********* ** two **-********** **** ******* ******** ******** or *************, *** **** ********** ** marketing *** ************** [**** ** ****** available] *** *** ***** ********* ********* ******** **** *******, *****, IBM, *** *-******. *******, ******* *** **** *********** experience ******** *** ******** ** ****** or ********** *** ******** ******* ******* phases.

Versus ************
*** ******** ******** ************, ******* ***** be ** *********** *** *** ******** access ******* ** ******* *** *** in ****** *******. ****** **** ******* stagnant **** **** *** ******* ** memorized ** ******** ** ************ *****, Shayype ***** ******* '*********** ********' ** PINpads ** ***** * ********* ****** of ********** ***** *****.
**** '**** ********' ******* **** ********* where ******* *** ****** ******* **** still **** ****** ***** ****** **** snoopers, ** *** ***** ** *** code **** *** ****** *** **** the ********* *** ******* ******. ****** forms ** ************ **** **** *****, as ***** ** *** ***** ******* ****: ******* ****:

******* *********** ******** *** ******** ** PINs ** *** ***** ***** ********* at ***, ******* ************* * *********** weak **** ** ****** **********.
Still ***** ** ******
** *** ********* *** *******'* *******-***** PINs, *** *** ****** *** ******* needs ** *********** ** *** ** done **** *********** *** ********, ***** the **** ** ***** ****** *** this ********.
Comments (16)
Undisclosed End User #1
I know that a Canadian company Cryptocard had something similar to this. I thought it was patented. Now Cryptocard was sold to Safenet, which is now part of Gemalto. I wonder if these people will get sued. :)
Undisclosed #2
1 6 31 36 15 22 may not need much explaining :)
Undisclosed #3
This makes it more challenging for a casual shoulder surfer to catch your PIN, but a determined person might catch video of the session, and the user's pattern can then be determined as long as the session pattern and the entered PIN are captured.
Maybe it's unlikely to be able to get this on video thanks to a polarized filter limiting the angle of view and a well-obscured keypad, in which case I guess it's pretty good at preventing stolen credentials.
But it's only marginally more difficult to share the pattern with a friend as a PIN. Their demonstration video shows just how to do it. A quick scribble on a sticky note and the credentials are shared.
And any modern ACS should support resetting the password via an email link. Every WordPress blog out there does it, and it's free, so that doesn't really excite me. It should be standard.
If you want to prevent sharing of access control credentials, use dual factor authentication, anti pass back, and strong company policy against sharing.
The multifactor authentication itself will strongly limit the possibility of stolen access credentials, and scheduled access along with anti pass back will pretty much limit unauthorized access to the folks who are going to get in no matter what electronic measures are in place.
AFAIK, all of this is already available on the market, so as innovative as Shayype's system appears to be, IMO it is not adding significantly more security than what is already available in the market.
Just me?
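The trade-off raised in comment #3, as an added example that is not part of the article or of any commenter's post: a small model for measuring how many fully observed logins (grid plus typed code) a matrix pattern withstands before only one candidate pattern remains. It assumes cells numbered 1 to 36 as in comment #2 and digits 0-9 drawn independently per cell; the visible text does not confirm the digit range or how the real product fills its grid.

```python
import random

GRID_CELLS = 36          # 6x6 matrix, cells numbered 1..36 as in the comments
DIGITS = "0123456789"    # assumption: the digit range is not visible on the page

def new_grid(rng):
    """One login screen: a random digit in every cell (constructed model)."""
    return {cell: rng.choice(DIGITS) for cell in range(1, GRID_CELLS + 1)}

def one_time_code(grid, pattern):
    """What the user types: the digits sitting in their secret cells, in order."""
    return "".join(grid[cell] for cell in pattern)

def narrow(candidates, grid, code):
    """Keep, per pattern position, only the cells that showed the typed digit."""
    return [
        {cell for cell in cands if grid[cell] == digit}
        for cands, digit in zip(candidates, code)
    ]

def survival_curve(pattern, sessions, seed=0):
    """Count the patterns still consistent after each fully observed login."""
    rng = random.Random(seed)
    candidates = [set(range(1, GRID_CELLS + 1)) for _ in pattern]
    curve = []
    for _ in range(sessions):
        grid = new_grid(rng)
        candidates = narrow(candidates, grid, one_time_code(grid, pattern))
        remaining = 1
        for cands in candidates:
            remaining *= len(cands)
        curve.append(remaining)
    return curve, candidates

if __name__ == "__main__":
    secret = [1, 6, 31, 36, 15, 22]   # the cell sequence quoted in comment #2
    curve, _ = survival_curve(secret, sessions=8)
    for n, remaining in enumerate(curve, 1):
        print(f"after {n} observed login(s): {remaining} candidate pattern(s)")
```

Under these assumptions a single observed login leaves many consistent patterns, and each further one removes roughly nine in ten of the remaining wrong cells per position, which is why limiting what can be recorded at the keypad matters more than the one-time code itself.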
Paul Shah
Can I phish it by creating a fake image of the box to capture the pattern? It seems that all I need is the pattern and it doesn't matter what the random numbers are.
The attack just changed from capturing the random numbers to capturing a static pattern.
Paul Shah
So if I were to present you a fake page that had the image and layout of the matrix layout with arbitrary numbers, and you were to click on the fake matrix, then I would be able to know your pattern and order.
I wouldn't be able to log in at that moment, but I accomplished my goal.
Once I have your pattern and order, I can go to the real site, click on the real squares, and grab the real random numbers to log in to the real site.
Then there is the MITM attack.