Autofill Feature Used to Relieve You of Unintended Details

February 3, 2017

You know the autofill feature that is in browsers these days? It is supposed to relieve you of having to constantly fill in details over and over such as your email address, phone number, and even credit card details when your filling in forms on web pages. Well, a Finn named Viljami Kuosmanen discovered how that time-saving trick can also relieve you of more information than you intend sending it off to the bad guys.

The feature can be activated in Chrome, Safari, and Opera and the vulnerability was proven to be found in all of those. What happens is when the data is requested on a form, it can also enter data into other text boxes, even if they don’t appear on the screen. So, say you’re adding your email address to a page to sign up for an online newsletter. If there is a box lurking in the background, it can also grab other details that are saved in the autofill settings of the browser like your address. Some plugins, such as LastPass can also be used this way with their profile-based autofill functions.

The best way to avoid this is to disable the autofill feature, no matter how tedious filling that information in the boxes gets. However, should you choose to use it, don’t add any payment card, bank account, or other sensitive data into your settings. For example, when Chrome asks if you want to save the payment card details in the browser, just click “no.” You can edit and delete the information stored in the autofill settings in your browser settings menus.

In addition, always make sure the anti-phishing features are active in your browsers and that you have anti-malware and anti-virus installed and kept up-to-date on your computers and devices.

There are a couple of bits of positive news with this. Firefox is not vulnerable because it doesn’t yet have the autofill functionality; although it is in the works. The trick also still relies on tricking users into entering the data in the fake form. So, as long as you know what to look for and are always on the lookout for phishing, you can avoid giving up your data when it wasn’t your intention.

© Copyright 2017 Stickley on Security