Experts Advise On Commercial Password Managers Vulnerable To Attack By Fake Apps

It has been reported that researchers at the University of York have shown that some commercial password managers (depending on the version) may not be a watertight way to ensure cybersecurity. After creating a malicious app to impersonate a legitimate Google app, they were able to fool two out of five of the password managers they tested into giving away a password. The research team found that some of the password managers used weak criteria for identifying an app and which username and password to suggest for autofill. This weakness allowed the researchers to impersonate a legitimate app simply by creating a rogue app with an identical name.