Views: 13
Hello Friends!! Now a days we are using smartphone with multiple apps which helps us life easier or faster. In this most we may use password manager apps. Today i saw one of the article password manger security issues in Android.
Security researchers of the Fraunhofer Institute found severe security issues in nine password managers for Android that they analyzed as part of their research.
Password managers are a popular option when it comes to storing authentication information. All promise secure storage either locally or remotely, and some may add other features to the mix such as password generation, automatic sign ins, or the saving of important data such as Credit Card numbers or Pins.
A recent study by the Fraunhofer Institute looked at nine password managers for Google’s Android operating system from a security point of view. The researchers analyzed the following password managers: LastPass, 1Password, My Passwords, Dashlane Password Manager, Informaticore’s Password Manager, F-Secure KEY, Keepsafe, Keeper, and Avast Passwords.
The team’s conclusion should have anyone worried who implements a password manager on Android. While it is unclear whether other password manager applications for Android have vulnerabilities as well, there is at least a chance that this is indeed the case.
At least one security vulnerability was identified in each of the apps the researchers analyzed. This went as far as some applications storing the master key in plain text, and others using hard-coded cryptographic keys in code. In another case, installation of a simple helper application extracted the passwords stored by the password application.
Three vulnerabilities were identified in LastPass alone. First a hard-coded master key, then data leaks in browser search, and finally a vulnerability affecting LastPass on Android 4.0.x and lower which allows attackers to steal the stored master password.
You can check out the full list of apps analyzed and the vulnerabilities on the Fraunhofer Institute website.
Note: All disclosed vulnerabilities have been fixed by the companies who develop the applications. Some fixes are still in development. It is recommended that you update the applications as soon as possible if you run them on your mobile devices.