Your mobile password manager might be exposing your credentials


Due to a flaw in the autofill feature of Android applications, some well-known mobile password managers are unintentionally disclosing user passwords.

Researchers at IIIT Hyderabad have discovered a vulnerability they have dubbed “AutoSpill,” which can expose users’ saved credentials from mobile password managers by evading Android’s secure autofill mechanism. This research was presented this week at Black Hat Europe.

Ideally, the password manager should only autofill into the loaded Google or Facebook page when the autofill feature is triggered. However, we discovered that the autofill feature can inadvertently reveal the login credentials to the main application.

