Sign up for our newsletter
Technology / Cybersecurity

Bug claimed to leave Android apps hackable 90% of the time

A new bug on Android allows hackers to successfully attack apps around 90% of the time, according to researchers from the University of California Riverside (UCR) and the University of Michigan (UM).

The academics claim to have tested seven apps including Gmail, CHASE Bank and H&R Block, finding that only Amazon was difficult to hack, foiling them on half of their attempts.

Zhiyun Qian, assistant professor in computer science and engineering at UCR, said: "The assumption has always been that these apps can’t interfere with each other easily.

"We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."

White papers from our partners

The hack is said to work by tricking users into downloading a seemingly benign app which allows the hackers to exploit shared memory processes, which can be accessed without any special privileges.

Though the researchers have not tested the method on Windows and iOS, they believe that memory sharing features common to the three mobile OSs will allow similar tactics to be used across the platforms.

"By design, Android allows apps to be preempted or hijacked," Qian added. "But the thing is you Bug have to do it at the right time so the user doesn’t notice. We do that and that’s what makes our attack unique."

Amazon’s app was said to be more difficult to attack because it allows one activity to easily transition to another, making it harder to guess what the programme is doing.

Qian and Morley Mao, an associate professor of electrical engineer and computer science at UM, will present their findings to the USENIX Security Symposium in San Diego today.
This article is from the CBROnline archive: some formatting and images may not be present.