Password managers vulnerable to insider hacking

phys.org | 8/15/2018 | Staff
fofo (Posted by) Level 3
Click For Photo: https://3c1703fe8d.site.internapcdn.net/newman/gfx/news/hires/2014/computer.jpg

A new study shows that communication channels between different parts and pieces of computer software are prone to security breaches. Anyone with access to a shared computer – co-workers, family members, or guests – can attack or involuntarily subject it to security breaches.

Researchers from Aalto University and the University of Helsinki have found over ten computer security-critical applications that are vulnerable to insider attacks. Most of the vulnerabilities were found in password managers used by millions of people to store their login credentials. Several other applications were found to be similarly susceptible to attacks and breaches across the Windows, macOS and Linux operating systems.

Computer - Software - Processes - Tasks - Example

Computer software often starts multiple processes to perform different tasks. For example, a password manager typically has two parts: a password vault and an extension to an internet browser, which both run as separate processes on the same computer.

To exchange data, these processes use a mechanism called inter-process communication (IPC), which remains within the confines of the computer and does not send information to an outside network. For this reason, IPC has traditionally been considered secure. However, the software needs to protect its internal communication from other processes running on the same computer. Otherwise, malicious processes started by other users could access the data in the IPC communication channel.

Applications

"Many security-critical applications, including several...
(Excerpt) Read more at: phys.org
Wake Up To Breaking News!
Tagged:
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!