Forgot your password?
typodupeerror
Android IOS Security Software Windows

Researchers Hack Gmail With 92 Percent Success Rate 87

Posted by Soulskill
from the good-enough-for-an-A dept.
SternisheFan sends this report from CNET: Researchers at the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a weakness they believe to exist across Android, Windows, and iOS operating systems that could allow malicious apps to obtain personal information. Although it was tested only on an Android phone, the team believes that the method could be used across all three operating systems because all three share a similar feature: all apps can access a mobile device's shared memory. "The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an associate professor at UC Riverside. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user." To demonstrate the method of attack, first a user must download an app that appears benign, such as a wallpaper, but actually contains malicious code. Once installed, the researchers can use it to access the shared memory statistics of any process (PDF), which doesn't require any special privileges.
This discussion has been archived. No new comments can be posted.

Researchers Hack Gmail With 92 Percent Success Rate

Comments Filter:
  • Blast from the past (Score:4, Interesting)

    by Megane (129182) on Friday August 22, 2014 @03:57PM (#47732899) Homepage

    Blocking access to the memory space of other processes has been a solved problem since timesharing in the '60s and '70s, right?

    I assume they aren't running in a flat address space with no MMU, so maybe the problem is that the apps all operate under the same user ID, which bypasses the usual multi-user protections. Perhaps "run each app with a unique user ID" will be something we'll see a lot of in the next few years, like the no-execute bit and ASLR were in the 2Ks?

  • by sumdumass (711423) on Friday August 22, 2014 @04:20PM (#47733075) Journal

    Corect me if i'm wrong.

    In desktop and server os'the memory allocation is controlled by the os. So couldn't a solution be having the OS control direct memory acces and just present the ap with a table in order to mimic current practices and backwards compatability? Or would that be too much overhead for these devices?

    Or am i way off base here?

  • Re:Yawn. (Score:5, Interesting)

    by SansEverything (3785255) on Friday August 22, 2014 @04:22PM (#47733083)

    There's an important detail which, for me at least, is surprising. From the paper:

    "In this paper, we report that on the Android system (and likely other OSes), a weaker form of GUI confidentiality can be breached in the form of UI state (not the pixels) by a background app without requiring any permissions."

    No permissions required, OUCH. The permission system was already considered useless, because all apps abuse permissions, but this really puts a nail in its coffin.

    You download a simple Wallpaper app, or whatever, that requires no permissions to check your call data and other bullshit. What harm can it do, right? WRONG. If the flaw is in the window manager implementation, I wonder if this will be even fixed! And other OSes might be vulnerable.

  • Re:tl;dr (Score:5, Interesting)

    by vux984 (928602) on Friday August 22, 2014 @04:23PM (#47733097)

    An immediate work-around would be to randomly place the log-in screen within a pre-determined area such that the hostile app would be unable to immediately overlap it. The double image will tell the user something is wrong.

    The double image will tell the user something is wrong.

    How is that a work around?

    Its a phone. The login 'window' is going into a 3" to 5" space and is full screen in nearly every implementation. The 'popup' that the hostile app preempts simply covers the whole screen.
    All in all not a particularly powerful attack vector.

    Quite the opposite. Its a very powerful attack vector; and given the surprisingly good ability to time the pre-emption a very dangerous one.

"Never give in. Never give in. Never. Never. Never." -- Winston Churchill

Working...