Researchers from the University of California Riverside have discovered a flaw in the Android operating system that allows them to hack most Android apps between 82 and 92 percent of the time.
The way they accomplish this is by having the user install a malware-infected app, and then taking advantage of the shared memory of the apps to steal information from other apps, thereby completely bypassing Android’s permission and sandboxing security system.
The research was performed on Galaxy S3 devices running Android 4.2, but because of the way the flaw works, the researchers expect it to work on other versions of Android, too. According to them, this flaw could theoretically affect other operating systems such as Windows and iOS as well, but they haven’t attempted hacks on those systems yet.
Gmail was the app that could be hacked the most easily, a whopping 92 percent of the time. They’ve also managed to hack into other apps such as H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon. Amazon was the hardest one to break into, with only a 48 percent success rate.
The Chase Bank app allows users to pay in checks by taking pictures of them, and this feature could also be exploited through this flaw; malware could capture the photos as they are taken and then the attacker could steal all the important banking details of the user.
Apparently, accessing the shared memory the way these researchers are doing it is a rather novel way to break into apps, and something Google must not have anticipated:
“The assumption has always been that these apps can’t interfere with each other easily,” said Zhiyun Qian, an assistant professor at the University of California and one of the researchers involved in the study.
“We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user,” he added. “By design, Android allows apps to be preempted or hijacked. But the thing is you have to do it at the right time so the user doesn’t notice. We do that and that’s what makes our attack unique.”
Many app developers also rely on the way shared memory currently works on Android, so developers aren’t expecting an easy fix to this problem that doesn’t break compatibility for many apps. However, it’s clear Google needs to try and fix this flaw as soon as possible; otherwise, we could soon see this type of attack being used by malicious hackers in the wild, too, and not just in a research lab.