Gmail smartphone app hacked by researchers

Researchers stole login details and passwords from apps including Gmail

US researchers say they have been able to hack into Gmail accounts with a 92% success rate by exploiting a weakness in smartphone memory.

The researchers were able to gain access to a number of apps, including Gmail, by disguising malicious software as another downloaded app.

Gmail was among the easiest to access from the popular apps tested.

The hack was tested on an Android phone, but the researchers believe it could work on other operating systems.

A Google spokeswoman said the technology giant welcomed the research. "Third-party research is one of the ways Android is made stronger and more secure," she said.

The research is being presented later at a cybersecurity conference in San Diego by academics from the universities of Michigan and California.

Other apps hacked included H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.

Passwords stolen

The Amazon app was the hardest to access, with a 48% success rate.

The hack involves accessing the shared memory of a user's smartphone using malicious software disguised as an apparently harmless app, such as wallpaper.

This shared memory is used by all apps, and by analysing its use the researchers were able to tell when a user was logging into apps such as Gmail, giving them the opportunity to steal login details and passwords.

"The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an assistant professor at the University of California and one of the researchers involved in the study.

"We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."

In another example the researchers were able to take advantage of a feature of the Chase Bank app which allows customers to pay in cheques by taking pictures of them with their device's camera.

The researchers were able to access the camera to steal the pictures as they were being taken, giving them access to personal information including signatures and bank details.

The tests were carried out on Android phones, but the researchers believe the attacks could be successful on other operating systems, including Windows and the iOS system developed by Apple.

BBC © 2014