Bug claimed to leave Android apps hackable 90% of the time


by Jimmy Nicholls | 22 August 2014

Gmail one of the worst affected apps, but Amazon is more resilient.

A new bug on Android allows hackers to successfully attack apps around 90% of the time, according to researchers from the University of California Riverside (UCR) and the University of Michigan (UM).

The academics claim to have tested seven apps including Gmail, CHASE Bank and H&R Block, finding that only Amazon was difficult to hack, foiling them on half of their attempts.

Zhiyun Qian, assistant professor in computer science and engineering at UCR, said: "The assumption has always been that these apps can't interfere with each other easily.

"We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."

The hack is said to work by tricking users into downloading a seemingly benign app, which then allows the hackers to exploit shared memory processes that can be accessed without any special privileges.

Though the researchers have not tested the method on Windows and iOS, they believe that memory sharing features common to the three mobile OSs will allow similar tactics to be used across the platforms.

"By design, Android allows apps to be preempted or hijacked," Qian added. "But the thing is you have to do it at the right time so the user doesn't notice. We do that and that's what makes our attack unique."

Amazon's app was said to be more difficult to attack because it allows one activity to easily transition to another, making it harder to guess what the programme is doing.

Qian and Morley Mao, an associate professor of electrical engineering and computer science at UM, will present their findings to the USENIX Security Symposium in San Diego today.
