CATEGORIES
home News

Android, Windows and iOS Vulnerability Allows 92 Percent Hack Success Rate For Popular Apps Like Gmail

by Sean KnightThursday, August 21, 2014, 05:30 PM EDT

A weakness has been identified that could exist in Android, Windows, and iOS devices that can be used to obtain personal information. Discovered by a team of researchers, the vulnerability revolves around multiple applications running on a shared infrastructure that can be exploited.

According to their research, they were able to test a method, on an Android phone, that was successful between 82 percent and 92 percent of the time for six of the seven apps that were tested. The apps with such high percentages were Gmail (92 percent), H&R Block (92 percent), Newegg (86 percent), WebMD (85 percent), CHASE Bank (83 percent), and Hotels.com (83 percent). The final app tested belonged to Amazon, which had a 48 percent rate of success when the researchers used their method.


The team consists of Zhiyun Qian of the Computer Science and Engineering Department at UC Riverside, associate professor at the University of Michigan Morley Mao, and Mao’s Ph.D student Qi Alfred Chen. The paper, “Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks,” will be presented August 22 at this year’s USENIX Security Symposium in San Diego.

The success of the method is reliant on a user downloading multiple apps to a smartphone where all the apps are running on the same infrastructure. This is the vulnerability the team is taking advantage of, according to Qian who said, “The assumption has always been that these apps can't interfere with each other easily. We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."

In order to work, the potential victim has to download a supposedly benign app, like a background wallpaper, for their phone. Once the malicious app is installed, the team was able to exploit a public side channel that could be accessed without any privileges. However, in order to succeed, the attack needs to be done at the exact same moment when the user is logging in and without the user noticing.

While the method was only tested on an Android device, the team feels that their method will work on other operating systems since most of the devices share the same vulnerability. 

Tags:  Android, smartphone, Hack, vulnerability, exploit, Windows Phone, ios, NASDAQ:GOOG, (NASDAQ:AAPL), NASDAQ:MSFT
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment