This latest threat takes the form of something long thought to be innocuous – a web browser’s autofill feature. Turns out, it’s not so innocuous after all, and even worse, all the major web browsers are vulnerable.
New research reveals that a browser’s auto-fill feature works even on hidden fields. It can allow a hacker to set up a dummy page and create a series of capture boxes which the browser will dutifully fill with your personal data without any action by you. Since the boxes are invisible, there won’t be any outward sign that your data has just been pilfered.
The companies that make the major browsers have been made aware of the issue and are working toward a solution, so you can expect to see a patch for whatever browser you use on a regular basis. Be aware of two things in the meantime.
First, be sure you’ve got your browser set to auto-update, so you don’t have to do anything when the latest patch becomes available. Second, until the patch is ready, you may want to disable autofill.
Yes, it means a few extra steps when you’re buying something online and/or entering your passwords to sites you use on a regular basis, but that is a small price to pay to keep your personal data private.
Unfortunately, we can expect that this will not be the last major security flaw revealed this year. If anything, the pace of discovery is increasing with legions of hackers revealing security flaws faster than software companies can close the breaches they discover.
Expect 2017 to be a bumpy ride where digital security is concerned.