INI Adjunct Professor Collin Jackson and Eric Chen (ECE PhD) referenced in Apple iOS 8 security update


September 29, 2014

INI Adjunct Professor Collin Jackson and ECE PhD student Eric Chen (CMU-SV) co-authored a paper with David Silver, Suman Jana and Dan Boneh, all from Stanford, which led to their inclusion in Apple’s iOS 8 security update. According to Chen, “We discovered an issue with mobile Safari's password manager that allowed a man-in-the-middle attacker (e.g., a coffee shop's Wi-Fi that the user is connected to) to automatically extract the user's stored passwords on various sites specified by the attacker. This attack is completely automated and invisible to the user.”

Their paper explaining this work is included in the Proceedings of the 23rd USENIX Security Symposium.