Beware of Browser Autofill and Password Managers - They Can Leak Your Personal Data

 
Share on Facebook Tweet Share Share Reddit
Beware of Browser Autofill and Password Managers - They Can Leak Your Personal Data

Highlights

  • Firefox is currently secure against this attack
  • Information for hidden boxes can be retrieved from autofill system
  • Chrome has the option switched on by default

We all like to use the autofill and built-in password manager features offered by Internet browsers as well as some third-party password managers in order to save time and avoid the trouble of remembering dozens of credentials. However, a new phishing attack might make you think twice before using the feature again. The phishing attack, discovered by a Finnish Web developer and hacker, tricks browsers as well as password managers into giving away users' credentials using a fairly simple trick.

Finnish Web developer and hacker Viljami Kuosmanen has found that Google's Chrome, Apple's Safari, as well as Opera, and password manager app LastPass, can all be tricked into leaking a user's personal information through their profile-based autofill systems, reports The Guardian. Kuosmanen discovered that whenever a user tries to fill up a form on the webpage, the autofill systems fill up the boxes even if they are not visible on the page.

 

 

This effectively means that while filling up the forms, the autofill system can potentially give away users' sensitive information if they confirm the autofill - even if only for a few visible fields. Chrome browser's autofill option is switched on by default and stores information such as email addresses, phone numbers, credit card information etc., as pointed out in the report.

autofill story github Autofill Github

Interestingly, Kuosmanen has also made a website to demonstrate how the process works. The webpage asks users to write their name and email address and has the boxes for mobile number and address hidden from plain site - the browser then proceeds to autofill this additional information without knowledge of the user.

As Firefox browser autofills each field individually, it is protected against this kind of an attack but the company is apparently working on a multi-field autofill system as well.

In order to ensure protection against such a phishing attack, users are advised to switch off the features from their browser

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Windows 10 Preview Build Brings Dynamic Lock That Locks Your PC When You Move Away: Report
Nokia 6 Price, Launch Date Revealed; More Android Smartphones Expected on February 26
 
 

Advertisement