Researchers have identified a new flaw that could possibly be used by hackers to steal users’ personal information using malicious smartphone apps across Android, Windows, and iOS operating systems.
Security researchers from the University Of California Riverside Bourns College Of Engineering and the University of Michigan discovered a hacking method that could be used across all three operating systems to steal sensitive data from user’s smartphones through malicious applications.
Computer Science and Engineering Department at UC Riverside researcher Zhiyun Qian said it is always taken as an assumption that these apps can’t interfere with each other easily. However, the research has proved that the assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.
The research, tested on an android smartphone, started with a user downloading a harmless application, such as background wallpaper containing some malicious code. After the app was installed, the researchers were able to able to exploit a newly discovered public side channel, access the shared memory statistics of a process without any permission or app privileges, monitor the changes in this shared memory and correlate changes to various activities to track users’ real-time actions and capture the information at the right moment.
The research found that of the seven apps tested attacks on Gmail and H&R Block were successful 92 percent of the time, attacks on Chase, Newegg, WebMD and Hotels.com apps were successful 83 percent, 86 percent, 85 percent and 83 percent of the time respectively, while Amazon, with a 48 percent success rate, was the hardest to crack.
To be more careful, Zhiyun Qian, an associate professor at UC Riverside, suggested users not to install untrusted apps and to check out the information access requested by apps on installation.
[Editor’s Note: Rectified title of the story to reflect the correct operating system (Windows)]