that six out of seven popular apps could be hacked with up to a 92 percent success rate.
They found out weaknesses believed to exist in Android, Windows and iOS mobile operating systems that
could be used to obtain personal information from unsuspecting users. They demonstrated the hack in an
Android phone.
The researchers tested the method and found it was successful between 82 per cent and 92 per cent of the
time on six of the seven popular apps they tested.
Among the apps they easily hacked were Gmail, CHASE Bank and H&R Block. Amazon, with a 48 per
cent success rate, was the only app they tested that was difficult to penetrate.
The researchers believe their method will work on other operating systems because they share a key feature
researchers exploited in the Android system. A user would be vulnerable if they downloaded an app that
appeared to be genuine but in reality was malware ; hackers could then exploit this vulnerability to observe
whatever personal data the user entered. One example might be when a user opens a banking app and logs i
in. The hacker would be notified and could begin an “activity hijacking attack,” allowing them to get a user’s
personal information.
Another example could be when a check is deposited electronically. A “camera peeking attack” could steal
the image of the check, allowing hackers access to sensitive information such as the bank account number,
routing number and signature.
The researchers demonstrate the hacks on their website, showing how they were able to compromise seven
different Android apps: WebMD, Gmail, Chase, H&R Block, Amazon, NewEgg and Hotel.com. They said
they managed to hack into Gmail and H&R Block about 92 percent of the time. The Amazon app proved to
be least vulnerable, they said, with a hacking success rate of about 48 percent. They said this was most
likely due to the UI model Amazon uses in its app; instead of having the same screen and different text,
Amazon provides a different options menu for each activity.
0 comments: