You have reached your limit of free articles this month.

Enjoy unlimited access to SpringfieldNewsSun.com

Starting at just 99¢ for 8 weeks.

GREAT REASONS TO SUBSCRIBE TODAY!

  • IN-DEPTH REPORTING
  • INTERACTIVE STORYTELLING
  • NEW TOPICS & COVERAGE
  • ePAPER
X

You have read of premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and interactive features. Starting at just 99c for 8 weeks.

X

Welcome to SpringfieldNewsSun.com

Your source for Clark and Champaign counties’ hometown news. All readers have free access to a limited number of stories every month.

If you are a News-Sun subscriber, please take a moment to login for unlimited access.

Android security flaw leaves Gmail vulnerable to hackers


Security researchers have uncovered a major flaw in mobile operating systems which could give hackers easy access to personal information. Here's the scary bit: The exploit can hack into your Gmail account with a 92 percent success rate.

Researchers from the University of Michigan and the University of California, Riverside, have detailed a type of hack they're calling a "UI state inference attack." Basically, a malicious app installed on your device can monitor that device's shared memory to get a general idea of what's happening on other apps.

And hackers can use this information to launch a variety of unpleasant attacks — one of the researchers showed how a UI inference attack could hijack the appearance of some apps to steal personal data, or even peek into the device's camera to copy photos. (Video via YouTube / Qi Alfred Chen)

A Greenbot writer notes actually using this vulnerability is pretty complicated. "First, you have to download a malicious app to start monitoring your activity. Then, the attack has to happen at the exact moment you are entering sensitive information. ... The malicious app has to inject a phony, look-alike login screen without the user noticing. That means the fake screen has to be precisely timed."

Despite the difficulty, researchers had pretty high success rates when testing seven popular apps. Gmail and H&R Block were particularly vulnerable, with a 92 percent success rate for the hack, while Amazon's app was only cracked 48 percent of the time.

Phys.org points out the Amazon app was more difficult to exploit since it allows users to transition between activities seamlessly, "increasing the difficulty of guessing which activity it is currently in."

The team only tested their hacks on Android phones, but suspect the exploit might be an issue on other platforms as well, since shared memory is a common feature of pretty much every mobile OS.

One of  the researchers noted this attack relies on the false belief that apps generally work in isolation of each other. "The assumption has always been that these apps can’t interfere with each other easily. ... One app can in fact significantly impact another and result in harmful consequences for the user."

The research is being presented Friday at the USENIX Security Symposium, which will hopefully lead to some solutions being developed. Until then, the best advice researchers have for avoiding these attacks is not to download sketchy apps in the first place.

This video contains images from Getty Images.

 



Reader Comments ...


Next Up in Technology

Gmail phishing scam may lead users to give up login info
Gmail phishing scam may lead users to give up login info

A new phishing scam is allowing hackers to gain access to unsuspecting Gmail users' accounts and target their login credentials, according to recent reports. Mark Maunder, CEO of security service Wordfence, described the scam in detail in a blog post, adding that it is also targeting other services beyond Gmail. Tech Times reported that the scam involves...
Tuna, star of the Amazing Acro-Cats, dies of cancer
Tuna, star of the Amazing Acro-Cats, dies of cancer

The cowbell won't sound quite the same now that Tuna, the star of the Amazing Acro-Cats cat circus, has died.Happy Cats Haven posted the news Friday on its Facebook page: "To all our fans of Tuna and The Rock Cats and the Amazing Acro-Cats, it's with many tears that we let you know that Samantha Martin's star kitty Tuna crossed the Rainbow Bridge...
7 small changes that will have a big impact
7 small changes that will have a big impact

It’s only a few weeks into 2017, but you’ve already come to an uncomfortable and familiar realization. New Year’s resolutions result in more guilt and depression than achievement. Forget about the big aspirations for a transformational do-over. They don’t work. How about making some small changes today that eventually can have...
Let’s have a cheer for the Amherst Hamsters
Let’s have a cheer for the Amherst Hamsters

Amherst, a tiny college of 1,795 really smart scholars in Massachusetts, made news last year when the board of trustees voted to drop Lord Jeffs as its athletic teams’ unofficial mascot. Lord Jeffery Amherst, historians discovered, was not necessarily a nice person. The 18th century British general reportedly once suggested giving smallpox-infested...
Stark numbers show heroin’s local grip
Stark numbers show heroin’s local grip

An average of seven Montgomery County residents a day were treated for drug overdoses by emergency departments in 2016, and one person alone made eight trips to the ER. Eleven people were treated twice in the same day for overdoses. The stark figures — amassed largely due to a devastating heroin epidemic — are found in a new Public Health...
More Stories