Password managers have become increasingly important to smartphone users because they fill in the information on a web page or application, so users do not have to type everything out.
There is no need for users to remember a lot of different account passwords and usernames.
A credential-stealing method has been identified that does not involve any social engineering or malicious code.
Threat actors can use legitimate Autofill service options provided by Android to steal credentials from users.
Android's auto-filling process is insecure when using third-party authentication to fill out forms online.
The Autofill service lets applications use built-in or external password managers to fill out login forms.
This particular credential-stealing method exists in the WebView controls that Android provides to applications.
WebView controls in Android let applications render web content in their own WebView instead of opening the main browser, which gives users a seamless experience.
The WebView also gives applications a built-in browser-like process that can be used to log in to other websites or applications using the OAuth protocol, such as Login with Google, Microsoft, etc.
This service has been found to leak credentials to the application instead of keeping the authentication secure inside the WebView.
When this process takes place, autofill leaks the credentials stored in Android password managers to the application that hosts the WebView.
Threat actors can use this method to steal credentials without using any kind of malicious code or phishing attacks.
This research paper was presented at Black Hat Europe 2023.
This attack was reported to the vendors, and patches have been rolled out for the affected versions.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 11 Dec 2023 10:00:05 +0000