The Gmail app for Android smartphones is quite vulnerable to being hacked, researchers have discovered.
According to Fortune.com, there’s a weakness that allows hackers to break into Gmail accounts with a 92 percent success rate.
The vulnerability is also found in apps from H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.com, they found.
Most of the apps could be cracked with an 80 to 90 percent success rate. However, the Amazon app had a 40 percent success rate, meaning it was the most difficult to hack.
The hack is triggered when a user downloads what appears to be an innocuous app like for wallpaper or something else but it’s actually malware. After that, the malware looks at shared memory to find what users are doing.
The hackers then can try to determine what username and password the users enter. The malware could potentially determine if a user takes a photo of a check to send to Chase Bank.
“At this point, the information is stolen and the attack succeeds,” the authors wrote.
One of the authors, Zhiyun Qian with UC Riverside, told CNET: “The assumption has always been that these apps can’t interfere with each other easily. We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.”
The attack has to be coordinated as the same time the user is doing the said action. It also has to be done in a manner that leaves the smarthpone operator unaware.
“We know the user is in the banking app, and when he or she is about to log in, we inject an identical login screen,” electrical engineering doctoral student Qi Alfred Chen with the University of Michigan said. “It’s seamless because we have this timing.”