Every time you install an application, sign up or sign in to a website, and even visit some locations on the Internet, you run the risk of having information stolen. This is true for PCs and mobile devices including smartphones, so a lot of people are working to secure your favorite devices. At Duke University researchers have developed a feature for Android that can catch and block some malicious programs from stealing your passwords.
Malicious hackers interested in stealing your passwords can be very clever with how their methods by mimicking legitimate apps so users will sign in, thinking it is safe, only to have their information forward to the hacker. Some hackers even create mock-keyboards to record a user typing in passwords on an on-screen keyboard. To combat these attacks, Duke researchers developed ScreenPass, a secure keyboard with some special features. One feature is to track information sent by an app, to verify it is going to the correct servers and another is to detect mock-keyboards. When tested, ScreenPass identified multiple apps that transmitted passwords in plaintext, stored passwords in unencrypted files, and apps that transmitted passwords to third-party servers.
To determine how user-friendly ScreenPass is, the researchers installed it on the phones of 18 volunteers who reported it was not a burden to use after three weeks. The source code is presently available for download, so one day we may see it integrated into smartphone operating systems.
Source: Duke University