Ultimate magazine theme for WordPress.

Gmail smartphone app hacked by researchers

0 0

US researchers say they have been able to hack into
Gmail accounts with a 92% success rate by exploiting
a weakness in smartphone memory.

The researchers were able to gain access to a
number of apps, including Gmail, by disguising
malicious software as another downloaded app.
Gmail was among the easiest to access from the
popular apps tested.

The hack was tested on an Android phone, but the
researchers believe it could work on other operating
systems.

A Google spokeswoman said the technology giant
welcomed the research. “Third-party research is one
of the ways Android is made stronger and more
secure,” she said.

The research is being presented later at a
cybersecurity conference in San Diego by academics
from the universities of Michigan and California.
Other apps hacked included H&R Block, Newegg,
WebMD, Chase Bank, Hotels.com and Amazon.

The Amazon app was the hardest to access, with a
48 per cent success rate.

The hack involves accessing the shared memory of a
user’s smartphone using malicious software
disguised as an apparently harmless app, such as
wallpaper.

This shared memory is used by all apps, and by
analysing its use the researchers were able to tell
when a user was logging into apps such as Gmail,
giving them the opportunity to steal login details and
passwords.

“The assumption has always been that these apps
can’t interfere with each other easily,” said Zhiyun
Qian, an assistant professor at the University of
California and one of the researchers involved in the
study.

“We show that assumption is not correct, and one
app can in fact significantly impact another and result
in harmful consequences for the user.”

In another example the researchers were able to take
advantage of a feature of the Chase Bank app which
allows customers to pay in cheques by taking
pictures of them with their device’s camera.

The researchers were able to access the camera to
steal the pictures as they were being taken, giving
them access to personal information including
signatures and bank details.

The tests were carried out on Android phones, but
the researchers believe the attacks could be
successful on other operating systems, including
Windows and the iOS system developed by Apple.

Leave A Reply

Your email address will not be published.