New vulnerability exploits autofill feature to steal passwords

Researchers have discovered a new vulnerability in Android password managers that could allow malicious apps to steal user credentials. The vulnerability, dubbed “AutoSpill,” exploits a flaw in the way password managers handle autofill requests.

When a user fills out a form on an Android device, the device’s operating system will automatically check with installed password managers to see if they have a saved credential for that form. If a password manager does have a saved credential, it will be automatically filled into the form.

The AutoSpill vulnerability exploits this process by allowing a malicious app to insert itself into the autofill request. When the user fills out a form, the malicious app intercepts the request and sends it to its own server, where the user’s credentials can be extracted and used to log into the user’s accounts.

The vulnerability affects all Android password managers that use the autofill API. To exploit the vulnerability, a malicious app must be installed on the user’s device. The app can then be used to steal credentials from any form that the user fills out.

Additional Information:

  • The vulnerability was discovered by researchers at the International Institute of Information Technology (IIIT), Hyderabad.
  • The vulnerability was first reported at the Black Hat Europe security conference in October 2023.
  • Google has been notified of the vulnerability and is working on a fix.

In the meantime, users can take steps to protect themselves from the AutoSpill vulnerability. One way is to disable autofill for forms that are not trusted. Users can also choose a password manager that offers two-factor authentication (2FA). 2FA adds an extra layer of security by requiring users to enter a code from a physical device, such as a smartphone, in addition to their password.
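The mechanism described above (the system asks a password manager to fill a form, and the manager supplies a saved credential) and the mitigations just listed are user-facing. On the password-manager side, the corresponding defence is to bind each saved credential to the origin it was saved for and refuse to fill when the requester does not match. The following Android `AutofillService` is an added illustration written for this article, not code from the AutoSpill researchers, Google or any password-manager vendor. It assumes a hypothetical in-memory vault keyed by origin, and it goes slightly beyond the text by handling two kinds of origin: the package name of the requesting app, and, when a field reports a web domain, that domain instead.

```java
import android.app.assist.AssistStructure;
import android.app.assist.AssistStructure.ViewNode;
import android.os.CancellationSignal;
import android.service.autofill.AutofillService;
import android.service.autofill.Dataset;
import android.service.autofill.FillCallback;
import android.service.autofill.FillContext;
import android.service.autofill.FillRequest;
import android.service.autofill.FillResponse;
import android.service.autofill.SaveCallback;
import android.service.autofill.SaveRequest;
import android.view.View;
import android.view.autofill.AutofillId;
import android.view.autofill.AutofillValue;
import android.widget.RemoteViews;

import java.util.HashMap;
import java.util.Map;

/**
 * Illustrative password-manager autofill service (hypothetical, added for this
 * article). A credential is only offered when the origin that asks for it is the
 * origin it was saved for, so a different app asking for the same-looking form
 * receives no suggestion at all.
 */
public class OriginBoundAutofillService extends AutofillService {

    /** Constructed sample vault: origin -> {username, password}.
     *  A real manager would load this from encrypted storage. */
    private static final Map<String, String[]> VAULT = new HashMap<>();
    static {
        VAULT.put("com.example.bank", new String[]{"alice", "constructed-app-secret"});
        VAULT.put("login.example.com", new String[]{"alice", "constructed-web-secret"});
    }

    /** Fields found while walking the view tree of the requesting screen. */
    private static final class FormFields {
        AutofillId username;
        AutofillId password;
        String webDomain; // non-null only for fields rendered from web content
    }

    @Override
    public void onFillRequest(FillRequest request, CancellationSignal signal, FillCallback callback) {
        java.util.List<FillContext> contexts = request.getFillContexts();
        AssistStructure structure = contexts.get(contexts.size() - 1).getStructure();

        // Origin reported by the system for the screen being filled.
        String requestingPackage = structure.getActivityComponent().getPackageName();

        FormFields fields = new FormFields();
        for (int i = 0; i < structure.getWindowNodeCount(); i++) {
            collect(structure.getWindowNodeAt(i).getRootViewNode(), fields);
        }
        if (fields.username == null || fields.password == null) {
            callback.onSuccess(null); // nothing we know how to fill
            return;
        }

        // Bind to the web domain when the field comes from web content,
        // otherwise to the app package. Never fill on a mismatch.
        String origin = fields.webDomain != null ? fields.webDomain : requestingPackage;
        String[] cred = VAULT.get(origin);
        if (cred == null) {
            callback.onSuccess(null); // unknown origin: no suggestion, no leak
            return;
        }

        RemoteViews presentation = new RemoteViews(getPackageName(), android.R.layout.simple_list_item_1);
        presentation.setTextViewText(android.R.id.text1, cred[0] + " (" + origin + ")");
        Dataset dataset = new Dataset.Builder(presentation)
                .setValue(fields.username, AutofillValue.forText(cred[0]))
                .setValue(fields.password, AutofillValue.forText(cred[1]))
                .build();
        callback.onSuccess(new FillResponse.Builder().addDataset(dataset).build());
    }

    /** Depth-first walk that records username/password fields and any web domain. */
    private static void collect(ViewNode node, FormFields out) {
        String[] hints = node.getAutofillHints();
        if (hints != null) {
            for (String hint : hints) {
                if (View.AUTOFILL_HINT_USERNAME.equals(hint)) out.username = node.getAutofillId();
                if (View.AUTOFILL_HINT_PASSWORD.equals(hint)) out.password = node.getAutofillId();
            }
        }
        if (node.getWebDomain() != null) out.webDomain = node.getWebDomain();
        for (int i = 0; i < node.getChildCount(); i++) collect(node.getChildAt(i), out);
    }

    @Override
    public void onSaveRequest(SaveRequest request, SaveCallback callback) {
        callback.onSuccess(); // saving new credentials is out of scope for this illustration
    }
}
```

The important design choice is the failure mode: when the origin is not recognised, the service answers with no datasets rather than offering the closest match, so a malicious app that presents a look-alike form never receives a credential it was not saved for. The service must still be declared in the app manifest with the `android.service.autofill.AutofillService` intent filter and the `BIND_AUTOFILL_SERVICE` permission before the system will route requests to it.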

The AutoSpill vulnerability is a serious security threat to Android users. Users should be aware of the vulnerability and take steps to protect themselves.