Android Password Managers Expose User Data in Major Security Breach
Security researchers have discovered a major vulnerability, called AutoSpill, that affects the Android autofill function in popular password managers. The vulnerability allows hackers to bypass security mechanisms and expose credentials to the host app. Password managers such as 1Password, LastPass, Enpass, Keeper, and Keepass2Android are vulnerable to the exploit, along with DashLane and Google Smart Lock when a JavaScript injection method is enabled. While there is no evidence of exploitation in the wild, the researchers warn that the implications of AutoSpill are highly dangerous. The affected password managers and the Android security team have been informed, and fixes are being developed.
- Warning As 1Password, DashLane, LastPass And 3 Others Leak Passwords Forbes
- Six of the most popular Android password managers are leaking data ZDNet
- AutoSpill vulnerability of Android password managers exposes login data Notebookcheck.net
- AutoSpill attack steals passwords from password manager during autofill CybersecurityNews
- IIIT Hyderabad researchers show how hackers can steal information from Android password managers The Indian Express
Reading Insights
0
1
3 min
vs 4 min read
85%
694 → 101 words
Want the full story? Read the original article
Read on Forbes