Android

Spell check leaks password to Google, Microsoft

Source: Michael Mandiberg via Flickr.com, CC BY-SA 2.0 license

Researchers discovered that there is an unexpected way in which the password can still be known to third parties, through the spell checker.

Spell check appears to be overzealous

We all make typos from time to time. But luckily there is the handy spell checker that immediately suggests the correct version of the word. Prepare of course and this saves a lot of time. But sometimes you also add new words and words that are often used are often added automatically. One word, which is of course unique per person and that you use very often, is the password. So it is obvious that the spell checker also saves this word.

Spell check unintentionally forwards passwords (and more)

And unfortunately it turns out to be the case. The local spell checker in the Microsoft and Google grids, Microsoft Edge and Google Chrome respectively, does indeed store the password. And because information is constantly being sent to the makers of the spell checker, Google and Microsoft, these passwords also end up with them.

That is, of course, a huge security flaw. Although the security at both companies is very good, it has happened before that billions of user accounts have been hacked in a major data hack. If your password is in there, you obviously have a problem.

All the more so because it is not only your password that is sent by something, but also things such as social security numbers, birth dates, bank details and other often private information that you often enter.

Chrome’s Enhanced Spell Check and Microsoft Editor

To reassure you, this issue only occurs with the extended versions of the spell checker. This can be found, for example, in Chrome’s Enhanced Spellcheck and Microsoft Editor. Still, and rightly so, privacy experts are very concerned about this.

Spell Jacking

For example, every time you make the password visible, the browser sends this password to the tech giants. Not a pleasant thought, of course. A phenomenon called Spell-Jacking by its discoverer. Hopefully this leak will be fixed soon in the spell checker.

Leave a Reply

Your email address will not be published. Required fields are marked *