Warning! AutoSpill Vulnerability Can Expose Your Passwords on Android


A team of researchers has discovered a new type of vulnerability that affects several popular Android password managers. It has been dubbed “AutoSpill”, and rightfully so, as it exploits the password managers' autofill functionality through WebView.

What is AutoSpill Vulnerability?

Ankit Gangwal, Shubham Singh, and Abhijeet Srivastava from IIT Hyderabad in India revealed that the AutoSpill vulnerability works by deceiving password managers into auto-filling credentials into an app’s native text fields. This happens when the app shows a login page through WebView instead of launching the external web browser.
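
The distinction described above, as a simplified Python model added here as an example (not code from the researchers or from any password manager): a fill decision based on field type alone puts credentials into the hosting app's native fields, while one bound to the login page's domain does not. The `Field` and `Credential` structures and the sample data are constructed assumptions, not the Android autofill API.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified stand-in for one field in the view tree an autofill provider sees.
# Field names are hypothetical; this is a model, not the Android autofill API.
@dataclass(frozen=True)
class Field:
    field_id: str
    hint: str                   # "username" or "password"
    owner_package: str          # app that hosts the field
    web_domain: Optional[str]   # set only for fields rendered inside a WebView page

@dataclass(frozen=True)
class Credential:
    domain: str
    username: str
    password: str

def naive_fill(fields, cred):
    """Fill every field whose hint matches, wherever it lives (the spill)."""
    values = {"username": cred.username, "password": cred.password}
    return {f.field_id: values[f.hint] for f in fields if f.hint in values}

def domain_bound_fill(fields, cred):
    """Fill only fields that belong to a web page served from the credential's domain."""
    values = {"username": cred.username, "password": cred.password}
    return {
        f.field_id: values[f.hint]
        for f in fields
        if f.hint in values and f.web_domain is not None
        and f.web_domain.lower() == cred.domain.lower()
    }

def spilled_to_native(filled, fields):
    """Return ids of filled fields that are native fields of the host app."""
    native = {f.field_id for f in fields if f.web_domain is None}
    return sorted(native & set(filled))

# Constructed sample: a host app showing a login page in a WebView,
# next to its own native username/password fields.
SAMPLE_FIELDS = [
    Field("native_user", "username", "com.example.hostapp", None),
    Field("native_pass", "password", "com.example.hostapp", None),
    Field("web_user", "username", "com.example.hostapp", "login.example.com"),
    Field("web_pass", "password", "com.example.hostapp", "login.example.com"),
]
SAMPLE_CRED = Credential("login.example.com", "alice", "constructed-password")

if __name__ == "__main__":
    for fill in (naive_fill, domain_bound_fill):
        filled = fill(SAMPLE_FIELDS, SAMPLE_CRED)
        print(fill.__name__, "->", spilled_to_native(filled, SAMPLE_FIELDS) or "no native fields filled")
```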

Password Managers Affected by AutoSpill

The researchers tested AutoSpill against prominent password managers, including 1Password, LastPass, Keeper, and Enpass, on fully updated Android devices. Surprisingly, they discovered that most apps remained vulnerable, even when equipped with JavaScript injection protections. With JavaScript enabled, all tested password managers were prone to the vulnerability.

AutoSpill Vulnerability Fix

The researchers have relayed this finding to the password manager apps and Google. One of the apps, 1Password, has acknowledged the vulnerability and will release a fix in the near future. Another app, LastPass, has also claimed to have put some security measures in place. Hopefully, other password managers will also soon identify the issue and release a security patch.

How To Prevent AutoSpill Attack?

The situation is quite severe, as password managers are supposed to be the last apps to get compromised. Malicious exploitation can cause serious damage by stealing hundreds of precious usernames and passwords. And we don’t have to imagine what the hackers will do with that information. It’s best to be cautious and avoid these password manager apps for now.


Kudos to the Indian researchers for finding this severe vulnerability, as it could have done some serious damage. But this incident shows how even modern innovations like these can easily be afflicted by hacks. It is always a good idea not to trust any app or website blindly. Only use certified Android apps from the Google Play Store and do not visit any shady websites.

Abhishek

Tech enthusiast, Content Creator and Blogger, sharing insights on technology since 2016. When not exploring gadgets, I enjoy movies, series, and anime.
