We all know that web browsers are evolving essential tools to give users the best features. One of those that have arisen, and which more and more people use, is the automatic filling of fields. But, beware this autofill data can be phished.
Beware!! Your Browser’s Autofill Data Can Be Phished
Browsers are evolving essential tools to give users the best features. One of those that have arisen, and which more and more people use, is the automatic filling of fields.
But if they felt that this functionality was secure, it has now been proven that most browsers leak more information than the user sees and authorizes.
Whenever we navigate to a web page, the browser attempts to populate user data, making it easier to use automatically and thus saving your time.
Autocomplete Issue
If we can visibly control and even change the data that is placed in these fields, the truth is that browsers can send much more information without the users being notified or the authorization given. This information can range from the most sensitive data to the credit card numbers.
This is why I don't like autofill in web forms. #phishing #security #infosec pic.twitter.com/mVIZD2RpJ3
— Viljami Kuosmanen (@anttiviljami) January 4, 2017
This failure has been shown by a Finnish hacker, Viljami Kuosmanen, who put in his Twitter account evidence that any web page can exploit this.
The workaround for this problem
There is no longer a solution to this problem that is known to affect most browsers like Chrome, Safari, Opera and even the Edge. Interestingly Firefox does not have this failure, since the automatic completion of this browser works differently, forcing the user to choose which data to use.
Until a solution emerges for the rest, the solution is to disable autocomplete or to take care of the pages where they authorize this data to be used. Note that this problem is not limited to the browser and is also in some extensions, such as LastPass.
If you want to confirm this failure, simply you can access this website, developed by Viljami Kuosmanen, where much more than your data entered will be displayed.
