Researchers from IIIT at Hyderabad presented at Black Hat Europe security conference, revealing that most Android password managers are vulnerable to the AutoSpill hacking attack. This attack allows malicious apps to steal user data during autofill, even without JavaScript injection. The vulnerability stems from Android’s lack of clear guidelines for handling autofilled data, leaving room for interception. Several popular password managers, including 1Password, LastPass, and Keeper, were found to be vulnerable. However, Google Smart Lock and DashLane, which utilize a different autofill approach, did not leak data unless JavaScript injection was used.
Share via:
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
IIIT-Hyderabad researchers show how hackers can steal account details via Android password managers, Google responds
Researchers from IIIT at Hyderabad presented at Black Hat Europe security conference, revealing that most Android password managers are vulnerable to the AutoSpill hacking attack. This attack allows malicious apps to steal user data during autofill, even without JavaScript injection. The vulnerability stems from Android’s lack of clear guidelines for handling autofilled data, leaving room for interception. Several popular password managers, including 1Password, LastPass, and Keeper, were found to be vulnerable. However, Google Smart Lock and DashLane, which utilize a different autofill approach, did not leak data unless JavaScript injection was used.
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi
