As operating systems have incorporated password managers, users have tended to trust them and despise any other alternative to save them. Now, it looks like we might be in danger. At least, Android users. We tell you all the details.
Password managers have become, for many, one of the most used features of our operating system. Thanks to the fact that all the data is saved in the cloud, we have become accustomed to the fact that any password we enter from our computer is automatically available on our mobile phone or tablet. Although the majority of most tools They have the most advanced security protocols, sometimes security gaps are identified that can compromise our most critical data.
Recently, it has been detected that various password managers They could be disclosing them as a result of a vulnerability that affects the autocomplete functionality of Android applications, which is called “AutoSpill.” This security breach has been discovered by researchers from the IIIT Hyderabad and, as a consequence, it may have affected thousands of users around the world.
It only affects Android phones
The situation occurs due to the data flow that Android integrates when entering passwords. Researchers have given as an example when we want to log in to an application using our Google credentials, For example. The music application opens a new window in which we must enter the Google credentials and when we use a password manager to autofill these credentials, the password should only be displayed in the application that will serve as the access key. In this case, Google.
However, in this process it has been detected a security breach which causes passwords to sometimes also be displayed in the base application. In this case, the music app. Researchers have stated that, even without carrying out a phishing attack, any malicious application that wants to capture the data of your users, could do so without needing to perform any overly developed attacks.
Most password managers
According to members who participated in the research, this vulnerability has been tested in the main password managers. Among them, LastPass, Enpass, 1Password or Keeper. And in most of these applications it has been detected that most of them were vulnerable to suffering from this data leak. So it would be a fairly general problem.
When this information has been put in the hands of the previously mentioned managers, the response has been diverse. While 1Password He told TechCrunch that the company had identified the problem and that I was working on a solution, other tools like Keeper contradicted the study, implying that the application had been tampered with in order to obtain that result. The rest of the applications have not yet commented on the matter, nor has Google itself, owner of Android, the affected operating system. In the meantime, we will have to remain attentive to possible new updates to password management applications to minimize the chances of being affected by them.
