Gmail hacked with 92% success
A critical vulnerability in Android, Windows, and iOS mobile operating systems could be used to obtain personal information. Researchers from the University of California posted their findings on a blog post.
The researchers were able to gain access to a number of apps, including Gmail, by disguising malicious software as another downloaded app.
Gmail was among the easiest to access from the popular apps tested.
The hack was tested on an Android phone, but the researchers believe it could work on other operating systems.
The researchers monitor changes in shared memory and are able to correlate changes to what they call an “activity transition event,” which includes such things as a user logging into Gmail or H&R Block or a user taking a picture of a check so it can be deposited online, without going to a physical CHASE Bank. Augmented with a few other side channels, the authors show that it is possible to fairly accurately track in real time which activity a victim app is in.
To circumvent this issue, Qian suggested, “Don’t install untrusted apps”, adding that users should also be wary of the information access requested by apps on installation.