
Researchers Hack Android Apps With Up To 92 Percent Success Rate, Windows And iOS Also May Be Vulnerable


Researchers from the University of California, Riverside have discovered a flaw in the Android operating system that allows them to hack most Android apps between 82 and 92 percent of the time.

The way they accomplish this is by having the user install a malware-infected app, and then taking advantage of the shared memory of the apps to steal information from other apps, thereby completely bypassing Android’s permission and sandboxing security system.

The research was performed on Galaxy S3 devices running Android 4.2, but because of the way the flaw works, the researchers expect it to work on other versions of Android, too. According to them, this flaw could also theoretically affect other operating systems such as Windows and iOS as well, but they haven’t attempted hacks on those systems yet.

Gmail was the app that could be hacked the most easily, a whopping 92 percent of the time. They’ve also managed to hack into other apps such as H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon. Amazon was the hardest one to break into, with only a 48 percent success rate.

The Chase Bank app allows users to pay in checks by taking pictures of them, and this feature could also be exploited through this flaw; malware could capture the photos as they are taken and then the attacker could steal all the important banking details of the user.

Apparently, accessing the shared memory the way these researchers are doing it is a rather novel way to break into apps, and something Google must not have anticipated:

"The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an assistant professor at the University of California and one of the researchers involved in the study.

"We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user," he added. "By design, Android allows apps to be preempted or hijacked. But the thing is you have to do it at the right time so the user doesn’t notice. We do that and that’s what makes our attack unique."

The way shared memory works right now on Android is also a feature that is used by many app developers, so developers aren’t expecting an easy fix to this problem without breaking compatibility for many apps. However, it’s clear Google needs to try and fix this flaw as soon as possible; otherwise, we could soon see this type of attack being used by malicious hackers in the wild, too, and not just in a research lab.


  • therogerwilco
    This can't be done on Windows Phone because of the way shared memory works.
  • pnosko
    >"By design, Android allows apps to be preempted or hijacked."

    A little more detail here would be much appreciated.

    >According to them, this flaw could also theoretically affect other operating systems such as Windows and iOS as well, but they haven’t attempted hacks on those systems yet.

    Are we reading news with facts or discussing theory?
  • Mintas Lanxor
    Anyone who uses the Internet for vital financial transactions or deposits their vital personal info on it deserves their possible misfortune caused by hacking.
  • pnosko
    14016061 said:
    Anyone who uses the Internet for vital financial transactions or deposits their vital personal info on it deserves their possible misfortune caused by hacking.
    And if you are carrying your cash deposit to your local bank branch and get robbed en route, you deserve that possible misfortune too, right?

  • moekal
    "The way they accomplish this is by having the user install a malware-infected app"

    So the 92% rate mention is useless because it doesn't mean anything in terms of the general Android population. Also, if a user installs your malware, and you can only retrieve 92% of them, that's funny.

    "According to them, this flaw could also theoretically affect other operating systems such as Windows and iOS as well, but they haven’t attempted hacks on those systems yet."

    a.k.a. "Anything's possible..."

    Except for the fact that there is no "shared memory" in iOS apps, all apps are sandboxed. And any apps running malicious code that tries to "hack" its way out of its memory block will be rejected in a second from app store approval. No side loading apps (unless jailbroken), no issue here.


    Go home Tom Hardware, you're drunk and pleading for clicks with a catchy title.
  • edwd2
    malware infected apks
  • genz
    "The way they accomplish this is by having the user install a malware-infected app"

    So the 92% rate mention is useless because it doesn't mean anything in terms of the general Android population. Also, if a user installs your malware, and you can only retrieve 92% of them, that's funny.

    "According to them, this flaw could also theoretically affect other operating systems such as Windows and iOS as well, but they haven’t attempted hacks on those systems yet."

    a.k.a. "Anything's possible..."

    Except for the fact that there is no "shared memory" in iOS apps, all apps are sandboxed. And any apps running malicious code that tries to "hack" its way out of its memory block will be rejected in a second from app store approval. No side loading apps (unless jailbroken), no issue here.


    Go home Tom Hardware, you're drunk and pleading for clicks with a catchy title.


    Android is sandboxed too
  • Markla
    As far as I understand, this is more of a trojan than a true exploit: the malicious app sits in the background monitoring system or kernel memory usage and, once it sees a pattern, assumes the system to be executing one of the apps mentioned, and pops up its own version of the UI and fools the user into keying in credentials.
  • Daniel Coca
    BlackBerry for the win; the phoenix will rise from the fire. Security, security....