Modern day browser’s have a very useful feature in-built which is the auto-fill. It can assist a user by automatically filling in forms and other important fields without user needing to manually enter the data each time. It is a one time process thereby after which browser can pre-fill the stored user data onto the form each time user visits a site requiring a form fill-up, sign-up process or finishing online purchases by entering credit card and other crucial details.
It is a very useful feature indeed but with a very serious security problem. As demonstrated by a Finnish developer Viljami Kuosmanen, users can easily fall into hacker’s trap if they use autocomplete feature on unknown websites. Scammers have found a sneaky way to retrieve the stored information using autocomplete feature.
Scammers could simply add additional “hidden” boxes to the page, and trick people into giving away more info than they intended to. Users think they’re just entering their name and email address, but “hidden” text boxes are automatically filled in with more sensitive data like address, phone number, and credit card number.
Below is the demonstration given by Viljami as a proof of concept –
— Viljami Kuosmanen ⭐ (@anttiviljami) January 4, 2017
Affected browsers include big shots like Chrome, Safari, and Opera, as well as extensions like the password manager/form filler LastPass, which is perhaps an even more obvious target. So, if you’re currently using any of these, it’d be wise to head to your Preference menu and temporarily disable the auto-fill feature until a security patch is pushed out. To deactivate the feature in Chrome, go to Settings, Advanced Settings, and uncheck the boxes beneath Passwords and Forms. Stay safe folks.
Here is the image after successfully retrieving the full user info taken from the above –
Pass this post on and let others know about this too. It may save someone from falling prey unknowingly to an hacker.