Browser setting to turn off right now

Modern browsers have a very useful built-in feature: auto-fill. It assists the user by automatically filling in forms and other important fields, so the data does not have to be entered manually each time. The data is stored once, after which the browser can pre-fill it each time the user visits a site that requires filling in a form, signing up, or completing an online purchase by entering credit card and other crucial details.

It is a very useful feature indeed, but it has a very serious security problem. As demonstrated by Finnish developer Viljami Kuosmanen, users can easily fall into a hacker’s trap if they use the autocomplete feature on unknown websites. Scammers have found a sneaky way to retrieve the stored information using the autocomplete feature.

Scammers could simply add additional “hidden” boxes to the page, and trick people into giving away more info than they intended to. Users think they’re just entering their name and email address, but “hidden” text boxes are automatically filled in with more sensitive data like address, phone number, and credit card number.
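A page's markup can be checked for this pattern before its forms are trusted. The following is an added example, not code from Viljami's demonstration or from any browser: a static audit that flags form fields whose names suggest stored profile data and whose inline style hides them. The field-name hints, the hiding patterns and the sample form are assumptions constructed for illustration.

```javascript
// Added example: static audit of form markup for autofill-eligible fields
// that inline CSS removes from the user's view. Heuristic only: it does not
// see stylesheet rules or hidden wrapper elements.

// Name/autocomplete hints for stored profile data (assumed, not exhaustive).
const SENSITIVE = /(address|street|postal|zip|phone|tel|cc-|card)/i;

// Inline-style patterns that hide a field while leaving it in the form.
const HIDING = [
  ["display:none", /display\s*:\s*none/i],
  ["visibility:hidden", /visibility\s*:\s*hidden/i],
  ["zero opacity", /opacity\s*:\s*0(\.0+)?\s*(;|$)/i],
  ["off-screen offset", /(left|top|text-indent)\s*:\s*-\d{3,}px/i],
  ["zero size", /(width|height)\s*:\s*0(px)?\s*(;|$)/i],
];

// Parse one tag's attributes into a lowercase-keyed object.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of tag.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return [{ name, reason }] for every sensitive field hidden by inline style.
function findHiddenAutofillFields(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<(?:input|select|textarea)\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    if (!SENSITIVE.test(`${a.name || ""} ${a.autocomplete || ""}`)) continue;
    const hit = HIDING.find(([, re]) => re.test(a.style || ""));
    if (hit) findings.push({ name: a.name || "(unnamed)", reason: hit[0] });
  }
  return findings;
}

// Constructed sample: two visible fields plus three hidden ones.
const SAMPLE_FORM = `
<form>
  <input name="name"> <input name="email">
  <input name="phone" style="position:absolute; left:-5000px">
  <input name="address" style="opacity:0">
  <input name="cc-number" autocomplete="cc-number" style="display:none">
</form>`;

console.log(findHiddenAutofillFields(SAMPLE_FORM));
```

In a live browser the same check is more reliable when run against computed styles and element positions, since hiding can also come from a stylesheet or a parent element.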

Below is the demonstration given by Viljami as a proof of concept –

Affected browsers include big shots like Chrome, Safari, and Opera, as well as extensions like the password manager/form filler LastPass, which is perhaps an even more obvious target. So, if you’re currently using any of these, it’d be wise to head to your Preferences menu and temporarily disable the auto-fill feature until a security patch is pushed out. To deactivate the feature in Chrome, go to Settings, Advanced Settings, and uncheck the boxes beneath Passwords and Forms. Stay safe, folks.

Here is the image after successfully retrieving the full user info taken from the above –

[Image: browser-settings]

Pass this post on and let others know about this too. It may save someone from unknowingly falling prey to a hacker.
