On June 29, we informed the researcher of this information and also recommended that he submit his report to Google since it is specifically related to the Android platform.”

Alex Cox, director of threat intelligence with the LastPass mitigation and escalation team, told TechCrunch that “LastPass already had a mitigation in place via an in-product pop-up warning when the app detected an attempt to leverage the exploit.

Keeper chief technology officer Craig Lurey said, “On the Android platform, Keeper prompts the user when attempting to autofill credentials into an Android application or website. This common scenario, the researchers said, includes examples such as “in-app opening of hyperlinks in Skype or Gmail mobile apps,” as well as “the Login with Apple/Facebook/Google button for user authentication within a third-party mobile app.” Instead, and this is where it becomes very concerning for most Android phone users, those credentials can also be shared with the host app itself.

What should happen is the credentials are automatically inserted into the login field for the page that is being loaded. Things get a little, well, a lot, less good when these credentials are filled following the invocation of a password manager. Instead, the autofill function kicks in and requests the login credentials in question. App developers have their apps show web content in this way, within WebView, so executing a separate web browser isn’t required. This pre-installed, default, Google component enables Android apps to display web content. The very aptly named AutoSpill vulnerability exists when an Android app calls for a login page using WebView. The researchers, Ankit Gangwal, Shubham Singh and Abhijeet Srivastava from the International Institute of Information Technology Hyderabad, presented their findings on December 6 at the Black Hat Europe hacker conference.

What Is The Android AutoSpill Password Manager Vulnerability?