You have reached your limit of free articles this month.

Enjoy unlimited access to SpringfieldNewsSun.com

Starting at just 99¢ for 8 weeks.

GREAT REASONS TO SUBSCRIBE TODAY!

  • IN-DEPTH REPORTING
  • INTERACTIVE STORYTELLING
  • NEW TOPICS & COVERAGE
  • ePAPER
X

You have read of premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and interactive features. Starting at just 99c for 8 weeks.

X

Welcome to SpringfieldNewsSun.com

Your source for Clark and Champaign counties’ hometown news. All readers have free access to a limited number of stories every month.

If you are a News-Sun subscriber, please take a moment to login for unlimited access.

Android security flaw leaves Gmail vulnerable to hackers


Security researchers have uncovered a major flaw in mobile operating systems which could give hackers easy access to personal information. Here's the scary bit: The exploit can hack into your Gmail account with a 92 percent success rate.

Researchers from the University of Michigan and the University of California, Riverside, have detailed a type of hack they're calling a "UI state inference attack." Basically, a malicious app installed on your device can monitor that device's shared memory to get a general idea of what's happening on other apps.

And hackers can use this information to launch a variety of unpleasant attacks — one of the researchers showed how a UI inference attack could hijack the appearance of some apps to steal personal data, or even peek into the device's camera to copy photos. (Video via YouTube / Qi Alfred Chen)

A Greenbot writer notes actually using this vulnerability is pretty complicated. "First, you have to download a malicious app to start monitoring your activity. Then, the attack has to happen at the exact moment you are entering sensitive information. ... The malicious app has to inject a phony, look-alike login screen without the user noticing. That means the fake screen has to be precisely timed."

Despite the difficulty, researchers had pretty high success rates when testing seven popular apps. Gmail and H&R Block were particularly vulnerable, with a 92 percent success rate for the hack, while Amazon's app was only cracked 48 percent of the time.

Phys.org points out the Amazon app was more difficult to exploit since it allows users to transition between activities seamlessly, "increasing the difficulty of guessing which activity it is currently in."

The team only tested their hacks on Android phones, but suspect the exploit might be an issue on other platforms as well, since shared memory is a common feature of pretty much every mobile OS.

One of  the researchers noted this attack relies on the false belief that apps generally work in isolation of each other. "The assumption has always been that these apps can’t interfere with each other easily. ... One app can in fact significantly impact another and result in harmful consequences for the user."

The research is being presented Friday at the USENIX Security Symposium, which will hopefully lead to some solutions being developed. Until then, the best advice researchers have for avoiding these attacks is not to download sketchy apps in the first place.

This video contains images from Getty Images.

 



Reader Comments ...


Next Up in Technology

This ‘Hunger Games’ exhibit is SO worth the drive
This ‘Hunger Games’ exhibit is SO worth the drive

If you were looking for an excuse for a mini-getaway that’s less than 3 hours away, your moment has come. “Hunger Games: The Exhibition” is on display now at The Frazier History Museum in Louisville, Kentucky through September 10, 2017. Louisville is about 2.5 hours from Dayton’s center, so it can easily be a day or weekend...
Plant a tree in honor of Arbor Day
Plant a tree in honor of Arbor Day

Given that yesterday was Arbor Day, why not plant a tree this weekend? Garden centers are stock-full of great selections for your landscape and have lots of people on hand to help you pick out the perfect tree. If you decide to plant a tree, make sure you plant it properly for longevity. One of the biggest mistakes that I see is that people plant trees...
Humane society, Dayton firefighters rescue cat stuck in pipe
Humane society, Dayton firefighters rescue cat stuck in pipe

It took hours and special equipment for rescuers to free a cat today with its head stuck in a pipe embedded in a cement block in Dayton. The Humane Society of Greater Dayton responded to a report the cat had been stuck for hours. When they arrived, the cat had worn down its nails clenching at the ground trying to escape. The pipe was too thick to easily...
Hershey getting health conscious, cutting chocolate calories by 2022
Hershey getting health conscious, cutting chocolate calories by 2022

The Hershey Co. is promising to make major changes in the calorie count of some of its chocolate snacks. The company announced last week that it wants to cut the calories in 50 percent of its standard and king-size confectionary snacks by 2022, and include easier-to-read nutrition labels on the front of 100 percent of its standard and king-size packaging...
101-year-old woman wins 100-meter dash at World Masters Games
101-year-old woman wins 100-meter dash at World Masters Games

She came. She ran. She conquered.  A 101-year-old woman from India won gold in the 100-meter dash at the World Masters Games in New Zealand. Man Kaur may have been the only athlete competing in her age division in the race, but she finished in 74 seconds. Not bad for someone who only started running at 96, according to Sports Illustrated. The...
More Stories