Wednesday, December 13

How worried should we be about the “AutoSpill” credential leak in Android password managers?

Close up of hand holding smartphone and screen applications with unlocking mobile phones. Concept of technological safety.

Enlarge / Close up of hand holding smartphone and screen applications with unlocking mobile phones. Concept of technological safety. (credit: Getty Images)

By now, you’ve probably heard about a vulnerability named AutoSpill, which can leak credentials from any of the seven leading password managers for Android. The threat it poses is real, but it’s also more limited and easier to contain than much of the coverage to date has recognized.

This FAQ dives into the many nuances that make AutoSpill hard for most people (yours truly included) to understand. This post wouldn't have been possible without invaluable assistance from Alesandro Ortiz, a researcher who discovered a similar vulnerability in Chrome in 2020.

Q: What is AutoSpill?

Read 31 remaining paragraphs | Comments

No comments:

Post a Comment