Security researchers find vulnerabilities in all tested Password Managers for Android

Posted 01 March 2017 17:09 CEST by Jan Willem Aldershoff

German security researchers have analyzed the security of 9 popular password managers on Android and found vulnerabilities in all of them. Some password managers stored passwords in plaintext or had hardcoded encryption keys in the source code.

The German security researchers work for the Fraunhofer Institute for Secure Information Technology and checked the security of the Android versions of My Passwords, Informaticore Password Manager, LastPass, Keeper, F-Secure KEY, Dashlane, Hide Pictures Keep Safe Vault, Avast Passwords and 1Password.

In each application the researchers found one or more vulnerabilities. Passwords were stored plaintext, others hardcoded encryption keys in the source code. Both make it relatively easy for attackers to gain access to the passwords   In other cases it was possible to get access to the stored passwords with a forensic app and most passwords managers also didn’t protect against clipboard sniffing. This means that passwords were not removed from the clipboard after the users copied credentials.

 

The nine passwords managers were chosen based on the number of downloads reported by the Google Play Store. The researchers find their results alarming, their research shows that password managers, despite the claims of being “bank-level” or “military-grade” secure, in reality are not.

The researchers informed the password manager vendors about their results and report that all vulnerabilities have been fixed as of today.

 



Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×