• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

ZenGo Warns About CurveBall Vulnerability on Windows 10 Devices

January 23, 2020

ZenGo Warns About CurveBall Vulnerability on Windows 10 Devices

ZenGo is warning users about a cryptography vulnerability that affects devices running an unpatched version of Windows 10. The CVE-2020–0601 vulnerability was first uncovered by the NSA, and was later picked up by ZenGo, which gave it the much catchier “CurveBall” moniker.  

So how does CurveBall work? In plain terms, a hacker seeking to exploit CurveBall can leverage the vulnerability to trick Windows 10 users into visiting seemingly legitimate sites, where they will then be prompted to install malware that is masquerading as (again) seemingly legitimate programs and updates. That malware can then be used to steal funds from a web wallet, or mine personal information in a manner akin to the malicious Google Play apps recently detailed by Buguroo.

CurveBall only affects web wallets and Windows 10 desktops that have not yet downloaded the latest Windows Update, which will effectively fix the problem. For those who are unsure about the status of their computer, ZenGo has created a CurveBall test page that will tell them whether or not their machine is still exposed to the vulnerability.

To give its own consumers some additional peace of mind, ZenGo stressed that its own cryptocurrency wallet was built exclusively for mobile platforms, and was not built in a Windows production environment. The organization also noted that CurveBall is specifically related to the way Windows validates certificates, and not the cryptography itself. That means that the platform is not vulnerable to the exploit, and the same is true for any blockchains that use Elliptic Curve Cryptography, including Bitcoin and Ethereum.

In November, ZenGo updated its app to offer support for stablecoin cryptocurrencies. Shortly before that, the company also teamed up with Unbound Tech and Sepior to form the MPC Alliance, which was set up to encourage more organizations to adopt multiparty computation technology.  

Filed Under: Industry News Tagged With: cryptocurrency wallets, cryptography, CurveBall, cybersecurity, hack attacks, malware, online security, security vulnerabilities, Windows 10, ZenGo

Related News & Articles

Face ID Hits Symbolic Milestone

Ericsson Teams with Russia’s Biggest Mobile Operator on 5G R&D

BioCatch Wins “Best Innovation in Securing Transactions” at Florin Awards

Primary Sidebar

Learn About Mobile ID and Aviation

Tweets

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • Nordic-Baltic Ministers to Push for Cross-Border Digital ID Interoperability
  • 1Password Rolls Out Passkey Support for iOS Users
  • Somalian Government Launches Digital ID System
  • Philippines Authorities Aim to Roll Out Mobile IDs By Year’s End
  • Ethiopian Authorities Enroll Students in Biometric Digital ID Program

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 MobileIDWorld