Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Many Android password managers unsafe

28.02.2017

Researchers at Fraunhofer SIT have found security gaps in Android password management apps - users should update apps

The Fraunhofer Institute for Secure Information Technology (SIT) has identified serious security gaps in Android's password apps. In many of the most popular password managers, cybercriminals could easily gain access to protected information, for example, if the attacker is on the same network. The manufacturers were informed and have corrected the vulnerabilities.


Many password apps are not as secure as they seem.

Fraunhofer SIT

However, users should ensure that they are using the updated app version. The Fraunhofer SIT experts will present the details of their analyses in April at the "Hack In The Box" conference in Amsterdam. The Institute's CodeInspect tool used for the tests will be shown at CeBIT in Hanover from 20-24 March in Hall 6, Stand B 36.

An individual password is required for each application and user account. Users can easily lose track of or forget their passwords. Here, password managers provide a remedy: The user only has to remember a single master password, all other accesses and passwords are stored securely in the application. But what if the security mechanisms have flaws? A research team at Fraunhofer SIT has analyzed a number of popular Android password manager apps. Result: Many of these password apps were unsafe.

In some of the analyzed apps, including LastPass, Dashlane, Keeper and 1Password, the security experts found several implementation errors that led to serious security gaps. "For example, some applications store the entered master password in plain text on the smartphone," explains Dr. Siegfried Rasthofer, an Android expert at Fraunhofer SIT. As a result, encryption can easily be circumvented, and all data is available to the attacker without the user noticing it.

In addition, many applications ignore the problem of the clipboard, which makes "sniffing" possible. It means that the clipboard is not cleaned after the credentials are copied to it and that virtually any other app could access the clipboard. On top of this, who can be sure that there is no other certain app that would exploit this in order to obtain the access information to the password manager? In other cases, it would have sufficed for the attacker to be on the same network; but the loss of equipment could also have a significant risk to users.

"The security analysis of apps is part of our daily business. With CodeInspect and Appicaptor, we have developed our own tools that allow us to review apps very efficiently and in detail for their security, even when the apps’ source codes are not available. This applies to both Android and iOS," explains Dr. Rasthofer. With its tools, Fraunhofer SIT has already revealed many weaknesses in apps. These include the ones that have resulted from careless programming, for example, but also those that were most likely built into apps intentionally.

"We have informed the manufacturers of the affected password managers about the security gaps. Everyone has responded and the vulnerabilities have been closed, "explains Rasthofer. On devices downloading apps from the App Store these issues have now been fixed. Users that have not enabled automatic updates should update the applications immediately. Which apps have been affected and further details about the vulnerabilities can be found at http://sit4.me/pw-manager

Weitere Informationen:

https://team-sik.org/trent_portfolio/password-manager-apps/

Oliver Küch | Fraunhofer-Institut für Sichere Informationstechnologie SIT

Further reports about: Android App Store CeBIT Informationstechnologie SIT

More articles from Information Technology:

nachricht Study suggests buried Internet infrastructure at risk as sea levels rise
18.07.2018 | University of Wisconsin-Madison

nachricht Microscopic trampoline may help create networks of quantum computers
17.07.2018 | University of Colorado at Boulder

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: First evidence on the source of extragalactic particles

For the first time ever, scientists have determined the cosmic origin of highest-energy neutrinos. A research group led by IceCube scientist Elisa Resconi, spokesperson of the Collaborative Research Center SFB1258 at the Technical University of Munich (TUM), provides an important piece of evidence that the particles detected by the IceCube neutrino telescope at the South Pole originate from a galaxy four billion light-years away from Earth.

To rule out other origins with certainty, the team led by neutrino physicist Elisa Resconi from the Technical University of Munich and multi-wavelength...

Im Focus: Magnetic vortices: Two independent magnetic skyrmion phases discovered in a single material

For the first time a team of researchers have discovered two different phases of magnetic skyrmions in a single material. Physicists of the Technical Universities of Munich and Dresden and the University of Cologne can now better study and understand the properties of these magnetic structures, which are important for both basic research and applications.

Whirlpools are an everyday experience in a bath tub: When the water is drained a circular vortex is formed. Typically, such whirls are rather stable. Similar...

Im Focus: Breaking the bond: To take part or not?

Physicists working with Roland Wester at the University of Innsbruck have investigated if and how chemical reactions can be influenced by targeted vibrational excitation of the reactants. They were able to demonstrate that excitation with a laser beam does not affect the efficiency of a chemical exchange reaction and that the excited molecular group acts only as a spectator in the reaction.

A frequently used reaction in organic chemistry is nucleophilic substitution. It plays, for example, an important role in in the synthesis of new chemical...

Im Focus: New 2D Spectroscopy Methods

Optical spectroscopy allows investigating the energy structure and dynamic properties of complex quantum systems. Researchers from the University of Würzburg present two new approaches of coherent two-dimensional spectroscopy.

"Put an excitation into the system and observe how it evolves." According to physicist Professor Tobias Brixner, this is the credo of optical spectroscopy....

Im Focus: Chemical reactions in the light of ultrashort X-ray pulses from free-electron lasers

Ultra-short, high-intensity X-ray flashes open the door to the foundations of chemical reactions. Free-electron lasers generate these kinds of pulses, but there is a catch: the pulses vary in duration and energy. An international research team has now presented a solution: Using a ring of 16 detectors and a circularly polarized laser beam, they can determine both factors with attosecond accuracy.

Free-electron lasers (FELs) generate extremely short and intense X-ray flashes. Researchers can use these flashes to resolve structures with diameters on the...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

Leading experts in Diabetes, Metabolism and Biomedical Engineering discuss Precision Medicine

13.07.2018 | Event News

Conference on Laser Polishing – LaP: Fine Tuning for Surfaces

12.07.2018 | Event News

11th European Wood-based Panel Symposium 2018: Meeting point for the wood-based materials industry

03.07.2018 | Event News

 
Latest News

Pollen taxi for bacteria

18.07.2018 | Life Sciences

Biological signalling processes in intelligent materials

18.07.2018 | Life Sciences

Study suggests buried Internet infrastructure at risk as sea levels rise

18.07.2018 | Information Technology

VideoLinks
Science & Research
Overview of more VideoLinks >>>