# Black Hat EU 2023

### Description

A presentation at Black Hat EU 2023 discussed credential stealing on mobile password managers. Keeper was listed as an impacted application. Keeper has safeguards in place to protect against this issue as described below.

### Keeper's Response

On May 31, 2022, Keeper received a report from the researcher about a potential vulnerability. We requested a video from the researcher to demonstrate the reported issue. Based upon our analysis, we determined the researcher had first installed a malicious application and subsequently, accepted a prompt by Keeper to force the association of the malicious application to a Keeper password record.

Keeper has safeguards in place to protect users against automatically filling credentials into an untrusted application or a site that was not explicitly authorized by the user. On the Android platform, Keeper prompts the user when attempting to autofill credentials into an Android application or website. The user is asked to confirm the association of the application to the Keeper password record prior to filling any information. On June 29, we informed the researcher of this information and also recommended that he submit his report to Google since it is specifically related to the Android platform.

Generally, a malicious Android application would first need to be submitted to Google Play Store, reviewed by Google and subsequently, approved for publication to the Google Play Store. The user would then need to install the malicious application from Google Play and transact with the application. Alternatively, the user would need to override important security settings on their device in order to sideload a malicious application.

Keeper always recommends that individuals be cautious and vigilant about the applications  they install and should only install published Android applications from trusted app stores such as the Google Play Store.

### Resources

A screenshot of Keeper's protection in place is displayed below. A user is prompted to trust the application from retrieving and filling the specified credentials. This security feature has been in place for several years and no additional updates are required.

<figure><img src="/files/m8Aix9qDtlcJ4FF2fYVN" alt="" width="375"><figcaption><p>Keeper Android prompt for Autofill</p></figcaption></figure>

This simple Android app demonstration can be viewed on Keeper's public Github repo:\
<https://github.com/Keeper-Security/android_webview_autofill>

To learn more about how to keep your smartphone safe, please visit:\
<https://www.keepersecurity.com/blog/2022/10/13/how-to-keep-your-smart-phone-safe-and-personal/>

If you have any questions, please email us at <security@keepersecurity.com>.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/release-notes/keeper-security/security-advisories/black-hat-eu-2023.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.