Gmail wasn't the only thing hacked by researchers; it's bigger than that



The researchers who hacked into Gmail on Android were able to show that apps can interfere with each other, and that's the really scary part.

We may become inured to any news about the hacking of our personal applications and data. That will be easy, because the sheer number of points of failure is reducing the urgency of each security failure.

Today's news is dominated by the story that Gmail was hacked on an Android app by getting one app to effectively spy on another one.

The attack actually uses a method that bypasses the "sandboxing" of apps within the platform. Essentially, apps aren't supposed to be able to interfere with each other, so researchers at the University of Michigan and NEC Labs America hacked the User Interface (UI).

In the paper to be delivered today at the USENIX Security Symposium in San Diego, the researchers point out that the security of an Android phone's UI can be compromised by background apps.

The following videos amply demonstrate the hijacking of the phone using the UI. H&R Block, Chase, and NewEgg are shown here but not Gmail.

Data from the Graphical User Interface (GUI) is stored in memory that is shared by all apps, and in 6 out of 7 popular Android apps the researchers showed that they could compromise that GUI data for other apps and steal the user's input data.

So, essentially, the background app from the researchers has found a way to figure out what is going on on your phone screen by looking at the memory configuration of your display. You input your login and password into an app and the researchers get to see it, and they did the vast majority of the time.

So, this isn't just a case of a Gmail vulnerability. That makes for a great headline. But, I would be more concerned about having my banking app hacked or the fact that this is a method that exposes almost any app running within the system that is using the standard processes for the UI and GUI of the phone.



 

Example of a check image grabbed by researchers hacking into Android smartphone

The researchers were tracking activities and even hijacking and peeking into the camera.

The good news is that the researchers have offered ways to eliminate the "side channel" where the data they accessed is stored and ways to make the system more secure.

Check out the paper by the researchers: Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks.

This was a much bigger and scarier attack than getting into Gmail, even though that is pretty scary.



Joe Jejune

I am a gadget freak and love everything about technology. In my day job I work at a startup and help build applications for the healthcare industry. 

