AutoSpill:从移动密码管理器凭证泄漏

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy Pub Date : 2023-04-24 DOI:10.1145/3577923.3583658

Ankit Gangwal, S. Singh, Abhijeet Srivastava

{"title":"AutoSpill:从移动密码管理器凭证泄漏","authors":"Ankit Gangwal, S. Singh, Abhijeet Srivastava","doi":"10.1145/3577923.3583658","DOIUrl":null,"url":null,"abstract":"Password managers (PMs) are becoming increasingly popular on mobile devices, especially on small-screen devices, mainly due to the convenience of automatically filling credentials into login forms. Modern mobile OSes advocate for system-wide autofill frameworks to support autofilling on browsers as well as other apps. Mobile OSes also empower apps to directly render web content within WebView controls without redirecting users to the main browser. \\par We present a novel technique, called AutoSpill, to leak users' saved credentials during an autofill operation on a webpage loaded into an app's WebView. AutoSpill conveniently dodges the secure autofill process. The majority of popular Android PMs considered in our experiments were found vulnerable to AutoSpill; even when the app hosting the WebView is not actively participating in the leak. Android intermediates in the autofill process because of its app sandboxing. Hence, the responsibility for any credential leakage is often stranded between PMs and the Android system. We investigate the root causes of AutoSpill and propose countermeasures to fundamentally fix AutoSpill for both the parties. We responsibly disclosed our findings to the affected PMs and Android security team.","PeriodicalId":387479,"journal":{"name":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"AutoSpill: Credential Leakage from Mobile Password Managers\",\"authors\":\"Ankit Gangwal, S. Singh, Abhijeet Srivastava\",\"doi\":\"10.1145/3577923.3583658\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Password managers (PMs) are becoming increasingly popular on mobile devices, especially on small-screen devices, mainly due to the convenience of automatically filling credentials into login forms. Modern mobile OSes advocate for system-wide autofill frameworks to support autofilling on browsers as well as other apps. Mobile OSes also empower apps to directly render web content within WebView controls without redirecting users to the main browser. \\\\par We present a novel technique, called AutoSpill, to leak users' saved credentials during an autofill operation on a webpage loaded into an app's WebView. AutoSpill conveniently dodges the secure autofill process. The majority of popular Android PMs considered in our experiments were found vulnerable to AutoSpill; even when the app hosting the WebView is not actively participating in the leak. Android intermediates in the autofill process because of its app sandboxing. Hence, the responsibility for any credential leakage is often stranded between PMs and the Android system. We investigate the root causes of AutoSpill and propose countermeasures to fundamentally fix AutoSpill for both the parties. We responsibly disclosed our findings to the affected PMs and Android security team.\",\"PeriodicalId\":387479,\"journal\":{\"name\":\"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"43 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3577923.3583658\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3577923.3583658","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

密码管理器(pm)在移动设备上变得越来越流行，尤其是在小屏幕设备上，主要是因为它可以方便地自动将凭据填写到登录表单中。现代移动操作系统提倡系统范围的自动填充框架，以支持浏览器和其他应用程序的自动填充。移动操作系统还允许应用程序直接在WebView控件中呈现web内容，而无需将用户重定向到主浏览器。我们提出了一种名为AutoSpill的新技术，它可以在加载到应用程序WebView的网页上进行自动填充操作时泄露用户保存的凭据。AutoSpill可以方便地避开安全的自动填充过程。在我们的实验中，大多数受欢迎的Android pm都容易受到AutoSpill的攻击;即使承载WebView的应用程序没有积极参与泄漏。Android在自动填充过程中处于中间位置，因为它的应用程序沙盒。因此，任何凭证泄漏的责任通常是在pm和Android系统之间搁浅的。我们调查了AutoSpill的根本原因，并为双方提出了从根本上修复AutoSpill的对策。我们负责任地向受影响的pm和Android安全团队披露了我们的发现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

AutoSpill: Credential Leakage from Mobile Password Managers

Password managers (PMs) are becoming increasingly popular on mobile devices, especially on small-screen devices, mainly due to the convenience of automatically filling credentials into login forms. Modern mobile OSes advocate for system-wide autofill frameworks to support autofilling on browsers as well as other apps. Mobile OSes also empower apps to directly render web content within WebView controls without redirecting users to the main browser. \par We present a novel technique, called AutoSpill, to leak users' saved credentials during an autofill operation on a webpage loaded into an app's WebView. AutoSpill conveniently dodges the secure autofill process. The majority of popular Android PMs considered in our experiments were found vulnerable to AutoSpill; even when the app hosting the WebView is not actively participating in the leak. Android intermediates in the autofill process because of its app sandboxing. Hence, the responsibility for any credential leakage is often stranded between PMs and the Android system. We investigate the root causes of AutoSpill and propose countermeasures to fundamentally fix AutoSpill for both the parties. We responsibly disclosed our findings to the affected PMs and Android security team.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量