IIIT Hyderabad discovers Android apps may leak login information
By MYBRANDBOOK
Researchers from IIIT Hyderabad have discovered that using autofill in Android apps can reveal login information to the hosting app. On Android systems, a vulnerability caused by password managers' inconsistent processing of autofill requests might result in the theft of sensitive data. Both Android and password managers are to blame for the credential AutoSpill.
The researchers, led by Prof. Ankit Gangwal from the Centre for Security, Theory and Algorithmic Research (CSTAR), IIIT-Hyderabad, found that every time an app loads a login page in WebView and an autofill request is generated from that WebView, the password managers and the mobile operating system get disoriented about the target page for filling in the login credentials.
While the expected behaviour is to populate the login page in WebView, the app loading the WebView could get access to the sensitive information. Prof. Gangwal said that when a user tries to log in to a music app on a mobile device via Google or Facebook, the music app will open the Google or Facebook login page inside itself, i.e., within the music app via the WebView.
“When the password manager is invoked to autofill the credentials, ideally it should autofill only into the Google or Facebook page that has been loaded. But we found that the autofill operation could accidentally expose the credentials to the base app, which in this case is your music app,” Prof. Gangwal explained.
He emphasized that, even without phishing, any malicious app that asks the user to log in via another site can automatically get access to sensitive information.
The findings, which will be presented at the Black Hat Europe 2023 conference in December, concluded that both the Android system and the password managers are equally responsible for the credential AutoSpill.