Computer scientists at the University of California Riverside in the United States have developed a method in which they all Android Applications can hack about and can steal sensitive information with an unprecedented high success ratio. The researchers also believe that they exposed the vulnerability is not limited to Google’s operating system. Also, iOS and Windows Phone would be vulnerable.
App without permissions
The attack that the team conceived is carried out with an app that the victim needs to download . The malicious code can be incorporated into just about any innocent app such as a game or software to change your phone. Background Who is smart, and not downloading apps that you need to give permissions strange is going on for the effort. The only permission that the hack app in question need is an Internet connection to send. Captured information to the attacker
That’s because the app steals information via shared memory. Initially, it was assumed that virtually isolated apps on the Android system turned, but the scientists discovered a side which they exploit the shared memory, and steal information. Other apps The app of the attacker, which runs in the background, holds through shared memory that the activities of the app to hack into the holes. Through the network, the attacker will be kept informed of the actions of the victim.
Activate and steal
At the time the victim sensitive information entered, activates the attacker a feature in its app that sensitive information stolen and transmitted. The spoils of a few lines of text, to name account and credit card information. The Californian team tried to steal from seven (in America) popular applications. Sensitive information in this way The success rate was six of seven between 82 and 92 percent. It was Gmail (92 percent), but also apps from American banks, like Hotel.com (83 percent) and WebMD (85 percent). Only the app from Amazon resisted: the hack worked in only 48 percent of cases. In this video you can see how the system is carried out concretely
The approach has a disadvantage for the attacker:. He must remain alert. During steal information the hacked app anymore. Doing his job Information has to be stolen at the right time, otherwise the user will get suspicious.
No solution
release an update for the vulnerability is not just possible . Shared memory is necessary for the operation of apps. You can also find it back in Windows Phone and iOS. That is why researchers are convinced that their approach will succeed in those operating systems, though they have not tested it themselves.
As a user, you can not do much against such a targeted attack to personal info to make booty. The golden rule is and will remain the same as always: Do not install apps that you do not trust
.
No comments:
Post a Comment