Gmail

Computer researchers at the University of California RiversideBourns College of Engineering and the University of Michigan successfully discovered a method to hack into six out of seven popular smartphone apps. They manged to hack into Gmail accounts with a 92% success rate by exploiting a weakness in smartphone memory.

The researchers were able to gain access by disguising malicious software as another downloaded app. Other apps hacked included H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.

“The assumption has always been that these apps can’t interfere with each other easily,” said Zhiyun Qian, an assistant professor at the University of California and one of the researchers involved in the study.

“We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user.”

The team of researchers (Zhiyun Qian, Z Morley Mao and Qi Alfred Chen) will present their paper ‘Peeking into your app without actually seeing it: UI State interference and novel Android attacks’ at the USENIX Security Symposium in San Diego on August 23rd.

The tests were carried out on Android phones, but the researchers believe the attacks could also be successful on other operating systems, including Windows Phone and the iOS system developed by Apple.

In this video Qi Alfred Chen, one of the three researchers, shows how the vulnerability can be exploited:

Read more @ Hacker News.