Earlier this week, news surfaced about browser-based attacks on password managers via an ad tracker vulnerability that collects data from hidden fields.
Is Dashlane impacted? No.
If you use Dashlane, which is designed with security as a core tenet, then this news shouldn’t worry you.
If you use your browser to store your passwords and personal information, you may be at risk. In this case, we’d suggest switching to a password manager and generating new passwords for sensitive accounts in one click.
Dashlane does not fill in detected hidden fields with your sensitive data.
Now that we have that cleared up, let’s take a look at what the ad tracker vulnerability is exploiting, and why Dashlane is not affected.
Ad Tracker Vulnerability, Explained
Ad trackers inject scripts on webpages, and these scripts can add content to the page, such as a tracking pixel.
The researchers from Princeton University who discovered the vulnerability highlighted a new tracking technique that exploits web browsers’ internal password managers.
These trackers can add specially crafted hidden fields on the page to trick password managers into filling them. This method allows them to more reliably track users between websites.
See the following diagram from the original research article:
Why Dashlane Isn’t Impacted by the Ad Tracker Vulnerability
When a user visits a website for which they have a saved credential with the “always log me into this website” option checked (which is the default), Dashlane will try to automatically log the user in.
However, using semantic analysis, Dashlane is able to identify most of the hidden fields in a given webpage and decline to fill in a user’s login credentials or personal information.
That means that when a hidden field is detected, Dashlane protects you and your personal information from the known ad-tracker attacks that try to steal your data.
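To make the idea of declining to fill hidden fields concrete, here is an added example that is not Dashlane's code and does not describe its semantic analysis. It is a simple visibility gate, with hypothetical function names and constructed sample fields, of the kind an autofill routine could run before filling anything:

```javascript
// Added illustration, not Dashlane's code. Each field is a plain object
// holding values that, in a browser, would come from getComputedStyle()
// and getBoundingClientRect() (rect assumed to be in page coordinates).
function hiddenReason(field) {
  if (field.type === 'hidden') return 'type=hidden';
  // Computed visibility already reflects inheritance, so check the field only.
  const v = (field.style || {}).visibility;
  if (v === 'hidden' || v === 'collapse') return 'visibility:hidden';
  // display:none or opacity:0 on the field or any ancestor hides the field.
  for (let node = field; node; node = node.parent || null) {
    const s = node.style || {};
    if (s.display === 'none') return 'display:none';
    if (parseFloat(s.opacity) === 0) return 'opacity:0';
  }
  const r = field.rect;
  if (!r || r.width <= 1 || r.height <= 1) return 'no visible area';
  if (r.x + r.width <= 0 || r.y + r.height <= 0) return 'off-screen';
  return null; // the user can see this field
}

// Split a page's candidate fields into those to fill and those to skip.
function planAutofill(fields) {
  const fill = [];
  const skipped = {};
  for (const f of fields) {
    const reason = hiddenReason(f);
    if (reason) skipped[f.name] = reason;
    else fill.push(f.name);
  }
  return { fill, skipped };
}

// Constructed sample: a visible login form plus fields added by a
// third-party script, each hidden in a different way.
const shown = { display: 'block', visibility: 'visible', opacity: '1' };
const box = { x: 100, y: 200, width: 240, height: 32 };
const SAMPLE_FIELDS = [
  { name: 'login-email', type: 'email', style: shown, rect: box },
  { name: 'login-password', type: 'password', style: shown, rect: { ...box, y: 250 } },
  { name: 'extra-1', type: 'email', style: { ...shown, display: 'none' }, rect: { x: 0, y: 0, width: 0, height: 0 } },
  { name: 'extra-2', type: 'email', style: shown, rect: { ...box, x: -9999 } },
  { name: 'extra-3', type: 'password', style: shown, rect: box, parent: { style: { ...shown, opacity: '0' } } },
  { name: 'extra-4', type: 'email', style: shown, rect: { ...box, width: 1, height: 1 } },
];

console.log(planAutofill(SAMPLE_FIELDS));
```

Only the two visible login fields end up in the fill list; every other field is skipped with the reason it was judged invisible.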
What you still need to do:
- With Dashlane, and with any other software that you use, always make sure you update to the latest version. Software updates keep your software running quickly and ensure your software is protected.
- As a general rule, be wary of the websites you browse and the way they track you and share your data. Malicious trackers can leak your data without you knowing. You can use browser extensions such as Ghostery to learn more about which sites have which trackers.