Your most trustworthy apps may be at risk. Researchers say they have found a way to hack Gmail apps with a 92 percent success rate. In a paper being presented Friday at the Usenix cybersecurity conference, the engineers said they also could steal check images from a Chase app with an 83 percent success rate and hack personal information such as address and Social Security numbers from H&R Block (success rate 92 percent), Newegg (86 percent), WebMD (85 percent), Hotels.com (83 percent) and Amazon (48 percent) apps.
The hacker would gain access by causing a user to install a
seemingly harmless app such as phone wallpaper and expose a newly
discovered public side channel that doesn't require privileges. This
feature allows processes to share data efficiently and is quite common,
since all a phone's downloaded apps interact with one operating system.
"The assumption has always been that these apps can't interfere with each other easily," researcher Zhiyun Qian said in a statement. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."
The other contributors to the paper were Z. Morley Mao, associate professor at the University of Michigan, and Qi Alfred Chen, a Ph.D., student working with Mao. Qian, a recent doctoral graduate from Mao's group, is a professor at the University of California, Riverside. The researchers said they had only a 48 percent success with the Amazon app because it allows transition from one activity to almost any other, increasing the difficulty of guessing what the user is doing and finding the exact moment to steal data.
After a high-profile breach of credit card data at Target late last year, reports of cybersecurity attacks on companies and government agencies have been on the rise recently. He added that consumers will probably start looking more into state-of-the-art identification protection services.
"As secure as we thought we were a year or two ago, we're seeing another wave across app platforms everywhere," said Brian Blair, analyst at Rosenblatt Securities. "We're going to have to have app developers create a layer of new security. There's not much I see consumers can do. We have to wait for all companies that store our info to upgrade."
"Users should be cautious and only download apps from trusted sources—big, popular apps are hacker magnets," he said in an email. "Do a routine check of your smartphone and tablet, especially if you have little ones using the device, to ensure only apps that can be trusted are the only ones installed. Immediately uninstall apps that appear to be from unknown sources or are not necessary."
"The assumption has always been that these apps can't interfere with each other easily," researcher Zhiyun Qian said in a statement. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."
The other contributors to the paper were Z. Morley Mao, associate professor at the University of Michigan, and Qi Alfred Chen, a Ph.D., student working with Mao. Qian, a recent doctoral graduate from Mao's group, is a professor at the University of California, Riverside. The researchers said they had only a 48 percent success with the Amazon app because it allows transition from one activity to almost any other, increasing the difficulty of guessing what the user is doing and finding the exact moment to steal data.
After a high-profile breach of credit card data at Target late last year, reports of cybersecurity attacks on companies and government agencies have been on the rise recently. He added that consumers will probably start looking more into state-of-the-art identification protection services.
"As secure as we thought we were a year or two ago, we're seeing another wave across app platforms everywhere," said Brian Blair, analyst at Rosenblatt Securities. "We're going to have to have app developers create a layer of new security. There's not much I see consumers can do. We have to wait for all companies that store our info to upgrade."
"Users should be cautious and only download apps from trusted sources—big, popular apps are hacker magnets," he said in an email. "Do a routine check of your smartphone and tablet, especially if you have little ones using the device, to ensure only apps that can be trusted are the only ones installed. Immediately uninstall apps that appear to be from unknown sources or are not necessary."
