Title | : | A Tale of How Good Things Go Bad in Security |
Speaker | : | Ankit Gangwal (IIIT Hyderabad) |
Details | : | Tue, 25 Mar, 2025 11:00 AM @ SSB 334 |
Abstract | : | This talk focuses on modern mobile password managers and presents a novel attack called AutoSpill (BlackHat EU Briefings '23 and Best Paper Award at CODASPY '23). The AutoSpill attack on Android password managers leaks the user's credentials (stored in the password manager) during an autofill operation. AutoSpill conveniently dodges Android's secure autofill process and allows the attacker to get user credentials for free, i.e., the attacker does not even need to write the code to phish/steal credentials. The majority of popular Android password managers we tested in our experiments were found vulnerable to our AutoSpill attack. The talk concludes with a discussion of practical countermeasures for our attack.
Bio: Ankit Gangwal is an Assistant Professor at the International Institute of Information Technology Hyderabad (IN). He was a DAAD fellow at the University of Siegen (DE), an SSHN fellow at EURECOM (FR), and a visiting researcher at Stevens Institute of Technology (USA). He was a Post-Doctoral Researcher at TU Delft (NL). He received his Ph.D. degree from the University of Padova (IT). His main research interests are in the areas of cybersecurity, machine learning model security, and blockchains. |