An Interest In:
Web News this Week
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
Some of Our Sources
- Techcrunch
- Pearsonified
- TutsPlus - Design
- Vandelay Design
- Web Design Ledger
- Wal You
- CSS Tricks
- Android Dissected
- Willems Lab
- Dev To
Help Webnuz
Referal links:
September 26, 2018 04:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/SisjAu2upfM/password-managers-can-be-tricked-into-believing-that-malicious-android-apps-are-legitimate
Password Managers Can Be Tricked Into Believing That Malicious Android Apps Are Legitimate
A new academic study published today reveals that Android-based password managers have a hard time distinguishing between legitimate and fake applications, leading to easy phishing scenarios. From a report: The study looked at how password managers work on modern versions of the Android OS, and which of the OS features attackers can abuse to collect user credentials via phishing attacks carried out via fake, lookalike apps. What the research team found was that password managers, initially developed for desktop browsers, aren't as secure as their desktop versions. The problem comes from the fact that mobile password managers have a hard time associating a user's stored website credentials with a mobile application and then creating a link between that website and an official app. [...] Researchers say they tested the way five Android password managers create internal maps (connections) between a locally installed app and legitimate internet sites and found that four of the five were vulnerable to abuse. Android versions of password managers from Keeper, Dashlane, LastPass, and 1Password were found to be vulnerable and have prompted the user to auto-fill credentials on fake apps during tests. Researchers found that Google's Smart Lock app did not fall for this fake package name trick, and the reason was because it used a system named Digital Asset Links to authenticate and connect apps to a particular online service.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/SisjAu2upfM/password-managers-can-be-tricked-into-believing-that-malicious-android-apps-are-legitimate
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot