View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 25, 2014updated 06 Dec 2016 10:21am

Is your Gmail smartphone app safe?

Researchers were able to pinch users’ login credentials by analysing the shared memory used by apps.

By CBR Staff Writer

Researchers from University of Michigan and University of California have successfully exploited vulnerability in the smartphone memory and hacked Gmail accounts with a 92% success rate.

During the vulnerability test of popular apps, researchers noted that Gmail was among the easiest to crack, with Amazon being the hardest one, with only 48% success rate.

As part of the research, an Android device was accessed by cloaking malicious software as another downloaded application, while researchers deemed it would work on other operating systems including iOS and Windows.

Welcoming the research, Google issued a statement: "Third-party research is one of the ways Android is made stronger and more secure."

To be demonstrated at a cybersecurity conference in San Diego, the research also involved hacking other apps such as H&R Block, Newegg, WebMD, Chase Bank, and Amazon.

Researchers initially analysed the shared memory used by all apps and were able to let know user was logging into apps, then steal login details and passwords.

University of California assistant professor Zhiyun Qian said: "The assumption has always been that these apps can’t interfere with each other easily.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."

Researchers also exploited a feature of the Chase Bank app that enables consumers pay in cheques by capturing images via their device’s camera.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.