YoVDO

AutoSpill - Zero Effort Credential Stealing from Mobile Password Managers

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Credential Theft Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a novel attack called AutoSpill that compromises Android's secure autofill process to steal user credentials from mobile password managers. Learn how this vulnerability affects the majority of top Android password managers, even without JavaScript injections, and becomes universally exploitable when JavaScript injections are enabled. Discover the fundamental reasons behind AutoSpill and examine proposed systematic countermeasures to address this security issue. Gain insights into the responsible disclosure process undertaken with affected password managers and the Android security team, including the acknowledgment of the issue by various password managers and Google.

Syllabus

AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube