Gmail wasn't the only thing hacked by researchers; it's bigger than that

The researchers who hacked into Gmail on Android were able to show that apps can interfere with each other, and that's the really scary part.

We may become inured to any information about hacking of our personal applications and data. That would be easy, because the sheer number of points of failure is reducing the urgency of each security failure.

Today's news is dominated by the story that Gmail was hacked on an Android app by getting one app to effectively spy on another one.

The attack actually uses a method that bypasses the "sandboxing" of apps within the platform. Essentially, apps aren't supposed to be able to interfere with each other, so researchers at the University of Michigan and NEC Labs America hacked the User Interface (UI).

In the paper to be delivered today at the USENIX Security Symposium in San Diego, the researchers point out that the security of an Android phone's UI can be compromised by background apps.

The following videos amply demonstrate the hijacking of the phone using the UI. H&R Block, Chase, and NewEgg are shown here but not Gmail.

Data from the Graphical User Interface (GUI) is stored in memory that is shared by all apps, and in 6 out of 7 popular Android apps, the researchers showed that they could compromise that GUI data for other apps and steal the user's input data.

So, essentially, the background app from the researchers has found a way to figure out what is going on on your phone screen by looking at the memory configuration of your display. You input your login and password into an app and the researchers get to see it, and they did the vast majority of the time.

So, this isn't just a case of a Gmail vulnerability. That makes for a great headline. But, I would be more concerned about having my banking app hacked or the fact that this is a method that exposes almost any app running within the system that is using the standard processes for the UI and GUI of the phone.


Example of a check image grabbed by researchers hacking into Android smartphone

The researchers were tracking activities and even hijacking and peeking into the camera.

The good news is that the researchers have offered ways to eliminate the "side channel" where the data they accessed is stored and ways to make the system more secure.

Check out the paper by the researchers: Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks.

This was a much bigger and scarier attack than getting into Gmail, even though that is pretty scary.

Joe Jejune

I am a gadget freak and love everything about technology. In my day job I work at a startup and help build applications for the healthcare industry. 

