The Hackr

Security Flaws in Popular Android Password Managers

Security professionals has discovered 26 security flaws 9 most popular Android password managers exposing login data of Android users.

The team of security researchers associated with Darmstadt, Germany-based Fraunhofer Institute for Secure Information Technology, has discovered 26 serious security flaws in nine major Android password managers.

According to TeamSIK (Security Is Key) Portfolio, these flaws are so severe that user credentials can easily be exploited. However, this exploitation is possible by malicious cybercriminals without needing root permission.

The list of analysed apps includes MyPasswords, Informaticore, LastPass, Keeper, F-Secure Key, Dashlane, Hide Pictures Keep Safe Vault, Avast Passwords, and 1Password.

 

All tested apps were installed on at least 500,000 devices, with some apps having millions of users.

 

APPS FEATURED DIFFERENT KINDS OF FLAWS AS BELOW

♠     Storage of master password in plain text

♠     Encrypting master password but leaving encryption key hard-coded in the app’s source code

♠     Leaving user passwords in the phone’s shared clipboard space, where other apps could retrieve them

♠     Some password manager apps were vulnerable to data residue attacks (password recovery after uninstallation of password manager app)

♠     Apps were vulnerable to browser autofill phishing attacks

♠     Some password manager apps came with their own browser that was leaking user data

 

Furthermore, some of these apps store the master password in plain text format and reveal the encryption keys in coded form. While some follow such weak security mechanisms that the passwords can be accessed without social engineering. That means by cyber-criminals through installing a malicious app on the device.

According to TeamSIK report, most of the 26 inherent issues were patched by the developers after one month of their reporting except for Avast that did not release a patch for the security flaws.

Nevertheless, by March 1, Avast had also patched its product, and released latest versions to mitigate all issues.

 

          Beware of these kind of malicious apps and be secured and careful      

 

 

 

Abhilash

It was a hobby I got into a long time ago, hacking cameras. And I am here making posts @TheHackr today!

Chat With Our Bot ☎️

IntroducingTheHackr Chatbot,now anyone can interact with our messenger bot and get daily crunches about Cyber-Security in just a clicks away!

up