A new exploit was discovered by a team of researchers at the University of California Riverside, Bourns College of Engineering. The team believes that this exploit, tested on an Android phone, will also be effective against Windows Phone and iOS.
As is always the case, hack works by getting the user to download some seemingly benign app, something common of which there are many. Perhaps a wallpaper app, perhaps a funny picture app, perhaps an app of daily sayings? And underneath this app which will provide a couple hours of entertainment before it is forgotten, the malware is working away at this newly found exploit with an astonishing success rate.
How does the malware work? By using ‘public side channels’. Shared memory between apps. Shared memory is commonly used in operating systems to keep things moving quick and smooth. Or to try to in the case of Android. And it was believed that one app could not see what another app was doing in this shared memory. It turns out that this is not the case at all. This shared memory can be accessed without any privileges and is in actuality, an open book.
The researchers tested this hack and had a success rate between 82 and 92 percent. The apps which they tested their attack against and their success rates follow.
- Gmail- 92% success
- H&R Block- 92% success
- Newegg- 86% success
- WebMD0- 85% success
- CHASE Bank- 93% success
- Hotels.com- 83% success
- Amazon- 48% success
Interestingly enough, it is stated that the reason Amazon is more difficult to hack is because “it allows one activity to transition to almost any other activity, increasing the difficulty of guessing which activity it is currently in” although, I like to think it’s because Amazon is friendly with BlackBerry now. Just makes more sense right?
The above video is one of three examples that they researchers created. See all three here.
Another day, another hack. When is the Passport getting here again?