A group of researchers are claiming they’ve been able to hack Gmail and other services with a 92% success rate. Among those found to be vulnerable to the attack were several apps which house important financial info, as well as personal data. The group is set to release their findings at a cybersecurity conference in San Diego soon.
Gmail, other Android apps hacked with 92% success rate
The researchers said that attacks on Google Inc.’s (NASDAQ:GOOGL) Gmail and H&R Block Inc.’s (NYSE:HRB) app were successful 92 percent of the time. JPMorgan Chase & Co.’s (NYSE:JPM) Chase Bank subsidiary, Newegg.com Inc., WebMD Health Corp. (NASDAQ:WBMD) and Hotels.com LP attacks were successful 83 percent, 86 percent, 85 percent and 83 percent of the time, respectively. Amazon.com Inc.’s (NASDAQ:AMZN) app was the only one that was difficult to infiltrate (48 percent) because the app allows users to transition from one activity to another more seamlessly.
Malware is placed in an app, which you would download to your device. Via the shared memory space on the device, hackers could tell when you were using an app such as Gmail, and use that opportunity to pinch your information. Zhiyun Qian, a researcher at the University of California and one of the researchers from the team, said “The assumption has always been that these apps can’t interfere with each other easily. We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user.
The researchers were inspired to study the apps because there are so many developers creating so many apps, leading them to believe that issues could arise when an individual runs so many programs on the same shared operating system. The best way to avoid such an infiltration, they said, is to only trust well-known apps, in part “background applications do not directly interact with users, so they should not perform privacy-sensitive actions freely.”
The presentation comes in the same week that United Parcel Service Inc. (NYSE:UPS) said hundreds of its stores had suffered a data breach, while Chinese criminals used the dreaded Heartbleed bug to steal millions of Americans’ hospital records.
The researchers created three short videos that show how the attacks work.  They can be viewed below: