‘Android password managers do not properly protect login details during autofill’


Indian researchers have discovered that Android password managers do not properly protect login details when using the autofill function. According to the researchers, a framework within Android is at the root of the problem.

The vulnerability was named AutoSpill and was revealed at Black Hat Europe. There, the researchers showed that when an Android user wants to log in via an app, the app can also offer the option of doing so via a web page opened in its in-app browser.

Password managers can enter login details on that page via the autofill function, but, according to the researchers, in doing so they also share the login details with the underlying app, and not only with the web page whose input fields are being filled via autofill. This could allow malicious app makers to steal users’ login details.

The vulnerability is said to be present in versions 10, 11 and 12 of the Android operating system and in the password managers 1Password, LastPass, Keeper, Enpass and Keepass2Android. The companies behind these password managers are said to be aware of the vulnerability.
