
Researchers Hack Gmail With 92 Percent Success Rate

Posted by Soulskill
from the good-enough-for-an-A dept.
SternisheFan sends this report from CNET: Researchers at the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a weakness they believe to exist across Android, Windows, and iOS operating systems that could allow malicious apps to obtain personal information. Although it was tested only on an Android phone, the team believes that the method could be used across all three operating systems because all three share a similar feature: all apps can access a mobile device's shared memory. "The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an associate professor at UC Riverside. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user." To demonstrate the method of attack, first a user must download an app that appears benign, such as a wallpaper, but actually contains malicious code. Once installed, the researchers can use it to access the shared memory statistics of any process (PDF), which doesn't require any special privileges.
  • Yawn. (Score:3, Insightful)

    by Anonymous Coward on Friday August 22, 2014 @04:49PM (#47732827)

    So if I install malicious software, I can be hacked? Stop the presses!

  • Re:Oh sure (Score:5, Insightful)

    by Anonymous Coward on Friday August 22, 2014 @05:38PM (#47733173)

    The article that shows no proof that other OSes are vulnerable but asserts that these people "believe" those OSes might be? Yeah, sounds like rock-hard evidence there.

  • by dgatwood (11270) on Friday August 22, 2014 @06:12PM (#47733347)

    Then it's using pre-calculated patterns of the shared memory usage (presumably allocation order, sizes allocated, NOT the actual memory contents etc.) to guess what the user is doing in the other app. Then, when it detects a pattern that corresponds with "I'm about to log in" it pre-empts the app with its own phishing login screen skinned to look like the original. The user is -expecting- a login screen to pop up, and one that looks right does... so they enter their credentials.

    Really? Android allows one app to take control of the screen and become foreground without explicit user interaction? There's the security flaw right there. The shared memory stuff is noise by comparison.
