Hack Gmail With 92 Percent Success Rate

A weakness in Android, Windows, and iOS mobile operating systems could be used to obtain personal information.

Researchers at the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a weakness they believe to exist across Android, Windows, and iOS operating systems that could allow malicious apps to obtain personal information.

Although it was tested only on an Android phone, the team believes that
the method could be used across all three operating systems because all
three share a similar feature: all apps can access a mobile device’s
shared memory.


In a paper being presented Friday at the Usenix cybersecurity conference, the engineers said they also could steal check images from a Chase app with an 83 percent success rate and hack personal information such as address and Social Security numbers from H&R Block (success rate 92 percent), Newegg (86 percent), WebMD (85 percent), Hotels.com (83 percent) and Amazon (48 percent) apps. 

Zhiyun Qian, an assistant professor at UC Riverside.

The researchers started working on the method because they believed
there was a security risk with so many apps being created by so many
developers. Once a user downloads a bunch of apps to his or her
smartphone, they are all running on the same shared infrastructure, or
operating system.

“The assumption has always been that these apps can’t interfere with
each other easily,” Qian said. “We show that assumption is not correct
and one app can in fact significantly impact another and result in
harmful consequences for the user.”

Demonstration

1. Activity hijacking attack steals your password and SSN in H&R Block app: In this video we show an unprivileged app running in the background can track H&R Block app’s running state (we call such state UI state), unnoticeably hijack the foreground Activity and steal the user’s H&R Block login credentials and Social Security number (SSN).

2. Camera peeking attack steals your personal check image in Chase app: In this video we show an unprivileged app running in the background can track Chase app’s running state (we call such state UI state), and steal the check photo shot by the user. From the check photo, the attacker can successfully get a great deal of highly sensitive personal information, such as home address, check recipient name, bank routing number, account number, and even the user’s signature.

3. Activity hijacking attack steals your credit card number and shopping ship address information in NewEgg app: In this video we show an unprivileged app running in the background can track NewEgg app’s running state (we call such state UI state), unnoticeably inject two Activities into the foreground and steal the user’s credit card number and shopping ship address information.
