The Latest in IT Security

Vulnerable Android password managers make phishing attacks easier

02
Oct
2018
Vulnerable Android password managers make phishing attacks easier

best-android-password-managers

Android password managers can be tricked into entering valid login credentials into phishing apps, a group of researchers has discovered.

They have also found that Instant Apps, a Google technology that allows users to “try” Android apps without the need to fully install them, can make phishing attacks more practical.

The research

Simone Aonzo, Alessio Merlo, and Giulio Tavella from the University of Genoa and Yanick Fratantonio from EURECOM tested a number of Android password managers – 1Password, Dashlane, Keeper, LastPass, and Google Smart Lock – and found that all except that last one trust an app if it has the correct app package name.

But that package name can be spoofed by phishers and that’s enough for the password manager to suggest (autofill) the credentials on the user’s behalf.

Read More

Leave a reply


Categories

SATURDAY, DECEMBER 15, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks