Prof Ankit Gangwal (IIIT Hyderabad): “Stealing Credentials from Mobile Password Managers”

2 July 2024, 14-15 h in PB-H 0103

This talk focuses on modern mobile password managers and presents a novel attack called AutoSpill (Best Paper Award at CODASPY ’23 and BlackHat EU Briefings ’23). AutoSpill on Android password managers leaks users’ saved credentials during an autofill operation. AutoSpill conveniently dodges Android’s secure autofill process and allows the attacker to get user credentials for free, i.e., the attacker does not even need to write the code to steal/phish credentials. The majority of popular Android password managers we considered in our experiments were found vulnerable to AutoSpill. Finally, the talk concludes with various practical countermeasures for our attack.

Prof. Ankit Gangwal, International Institute of Information Technology (IIIT) Hyderabad, India

Ankit Gangwal is an Assistant Professor at the International Institute of Information Technology (IIIT) Hyderabad, India. Prior to joining IIIT Hyderabad, he was a Post-Doctoral Researcher at TU Delft, Netherlands. He was also a visiting researcher at Stevens Institute of Technology, USA. He received his Ph.D. degree from the University of Padova, Italy. His main research interests are in the areas of cybersecurity, machine learning model security, and blockchains.

Jan

Head of Outreach and PR and coordinator of DFG Research Unit "Learning to Sense". ZESS staff photographer.