View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 22, 2014

Bug claimed to leave Android apps hackable 90% of the time

Gmail one of the worst affected apps, but Amazon is more resilient.

By Jimmy Nicholls

A new bug on Android allows hackers to successfully attack apps around 90% of the time, according to researchers from the University of California Riverside (UCR) and the University of Michigan (UM).

The academics claim to have tested seven apps including Gmail, CHASE Bank and H&R Block, finding that only Amazon was difficult to hack, foiling them on half of their attempts.

Zhiyun Qian, assistant professor in computer science and engineering at UCR, said: "The assumption has always been that these apps can’t interfere with each other easily.

"We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."

The hack is said to work by tricking users into downloading a seemingly benign app which allows the hackers to exploit shared memory processes, which can be accessed without any special privileges.

Though the researchers have not tested the method on Windows and iOS, they believe that memory sharing features common to the three mobile OSs will allow similar tactics to be used across the platforms.

"By design, Android allows apps to be preempted or hijacked," Qian added. "But the thing is you Bug have to do it at the right time so the user doesn’t notice. We do that and that’s what makes our attack unique."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Amazon’s app was said to be more difficult to attack because it allows one activity to easily transition to another, making it harder to guess what the programme is doing.

Qian and Morley Mao, an associate professor of electrical engineer and computer science at UM, will present their findings to the USENIX Security Symposium in San Diego today.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.