Case Study: ToothPic achieves malware- and SIM-swap-resistant passwordless authentication with Zimperium zKeyBox

Protecting Keys For Secure Passwordless Authentication

ToothPic provides a Key Protection SDK that turns each user’s smartphone into a verification key for secure passwordless authentication, binding private keys to the device’s camera sensor. Faced with the risk that keys in transit or in memory could be read or exfiltrated by malware or exploited via SIM-swap scams, ToothPic partnered with Zimperium and integrated Zimperium’s zKeyBox white‑box cryptography capabilities to strengthen key protection.

By embedding Zimperium’s zKeyBox into the Key Protection SDK, cryptographic operations involving protected keys run inside a secure execution environment, preventing exposure or exfiltration across mobile, web, and desktop platforms. As a result, ToothPic’s solution now delivers best‑in‑class flexibility and enhanced security and is deployed in digital banking, digital signature, crypto exchanges and wallets—making those applications resilient to malware and SIM‑swap attacks.

ToothPic

Giulio Coluccia

CEO & Co-Founder