live video

Trump speaks at Phoenix rally; angry protesters gather outside

Android security flaw leaves Gmail vulnerable to hackers


Security researchers have uncovered a major flaw in mobile operating systems which could give hackers easy access to personal information. Here's the scary bit: The exploit can hack into your Gmail account with a 92 percent success rate.

Researchers from the University of Michigan and the University of California, Riverside, have detailed a type of hack they're calling a "UI state inference attack." Basically, a malicious app installed on your device can monitor that device's shared memory to get a general idea of what's happening on other apps.

And hackers can use this information to launch a variety of unpleasant attacks — one of the researchers showed how a UI inference attack could hijack the appearance of some apps to steal personal data, or even peek into the device's camera to copy photos. (Video via YouTube / Qi Alfred Chen)

A Greenbot writer notes actually using this vulnerability is pretty complicated. "First, you have to download a malicious app to start monitoring your activity. Then, the attack has to happen at the exact moment you are entering sensitive information. ... The malicious app has to inject a phony, look-alike login screen without the user noticing. That means the fake screen has to be precisely timed."

Despite the difficulty, researchers had pretty high success rates when testing seven popular apps. Gmail and H&R Block were particularly vulnerable, with a 92 percent success rate for the hack, while Amazon's app was only cracked 48 percent of the time.

Phys.org points out the Amazon app was more difficult to exploit since it allows users to transition between activities seamlessly, "increasing the difficulty of guessing which activity it is currently in."

The team only tested their hacks on Android phones, but suspect the exploit might be an issue on other platforms as well, since shared memory is a common feature of pretty much every mobile OS.

One of  the researchers noted this attack relies on the false belief that apps generally work in isolation of each other. "The assumption has always been that these apps can’t interfere with each other easily. ... One app can in fact significantly impact another and result in harmful consequences for the user."

The research is being presented Friday at the USENIX Security Symposium, which will hopefully lead to some solutions being developed. Until then, the best advice researchers have for avoiding these attacks is not to download sketchy apps in the first place.

This video contains images from Getty Images.

 



Reader Comments ...


Next Up in Technology

Protesters demand removal of NYC statue hailing doctor who experimented on slave women
Protesters demand removal of NYC statue hailing doctor who experimented on slave women

NEW YORK — When Sharon Thompson was a girl, she used to get a bad feeling when she walked by an imposing statue of a man on the edge of Central Park near East Harlem.          On Thursday, Thompson learned the story behind the statue when a local news station produced a piece on it...
7 of the craziest, coolest places to stay in Hocking Hills
7 of the craziest, coolest places to stay in Hocking Hills

Ohio’s Hocking Hills region offers plenty of charming B&Bs, cozy inns and romantic cottages to choose from if you are looking to make a weekend out of your road trip. Here are a few options that are off the beaten path to grab a night’s rest in. Experience the magic and tranquility of camping in traditional Sioux Native American tipis,...
Our ‘brilliant’ cat’ sets a high bar
Our ‘brilliant’ cat’ sets a high bar

In the first week of February, this newspaper published an article entitled, “Are cats actually as smart as dogs? New study says so.” Japanese researchers found that just like dogs, cats could “retrieve and utilize information from a single past event.” Both cats and dogs recalled which food bowls they had previously eaten....
What are your joints telling you?
What are your joints telling you?

After sitting for long periods of time, do you feel stiff? Do you have joint pain that is limiting your movement? Has a past joint injury started hurting again and you are not sure why? “One common cause of achy joints is inflammation,” says Matthew Heckler, DO, of Orthopedic Associates of SW Ohio. “When bones, tendons, and the cushions...
School means backpacks — be sure to use them safely
School means backpacks — be sure to use them safely

It’s back to school time, and for many students, this means wearing a backpack. While a backpack is a convenient storage place for books and school supplies, if overloaded or worn improperly carrying them can spell trouble over time. A study of pre-kindergarten through ninth-grade students found that changes in posture, particularly excessive...
More Stories