Skip to main content

Security researchers expose Gmail smartphone hack

security researchers expose gmail smartphone hack big app
Image used with permission by copyright holder
Researchers from the Universities of Michigan and California say they’ve come up with a smartphone hack that can get into your Gmail account via your mobile device. A number of apps are affected by the vulnerability but Gmail was exploited with a 92 percent success rate.

According to the details of the research, the hack — as you might expect — relies on a malware app posing as a genuine bit of software, so you should be safe if you take good care over what’s allowed to run on your handset. Once the malicious code is in place it can use a mobile device’s shared memory to jump into other apps, including Gmail.

Recommended Videos

Related: Gmail acts to sort out new scam using non-Latin characters

“The assumption has always been that these apps can’t interfere with each other easily,” said Zhiyun Qian, one of the team working on the project. “We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.” Banking apps were also successfully breached using the same method.

The hack relies on being able to predict what the user will do next and timing an interception perfectly, so some apps proved more vulnerable than others. Of the seven apps tested, Gmail was the easiest to access while the Amazon app was the most difficult. The exploit was run on an Android phone though the researchers say the same principles can potentially be applied to iOS and Windows Phone.

Thanks to the procedures put in place to block and root out malware, the vulnerability reported here shouldn’t worry the majority of users. Nevertheless it’s a working demonstration of how a device’s shared memory can be misused, and another reminder to take care with your app installs — particularly if you’re on a rooted device.

A Google spokeswoman welcomed the report: “Third-party research is one of the ways Android is made stronger and more secure,” she said. The findings will be revealed in full at the USENIX Security Symposium in San Diego.

[Header image: Alexander Supertramp / Shutterstock.com]

David Nield
Former Digital Trends Contributor
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…
How to secure Cash App
data plan

Popular money transfer app Cash App hit the news recently after it transpired a security breach impacting 8.2 million U.S. users had leaked sensitive customer information. Although Cash App insists information such as account access codes and passwords weren't compromised, it's still a good idea to ensure your Cash App account is secure. You can do this in a number of different ways, including setting a pin or using biometrics like your fingerprint or Face ID. Keep reading and we'll show you how to secure Cash App to keep your personal information safe.

Read more
How to tell if your smartphone has been hacked
Kids playing on a smartphone.

Smartphones have profoundly changed the way people live, communicate with each other, and keep themselves entertained. But like everything else, there's a downside. Corrupt people always want what doesn't belong to them, and devise elaborate criminal methods to get what they want and make everyone else miserable. When thieves hack smartphones, they take more than possessions -- they steal information, money, identity, and -- in some cases -- reputation, all of which can destabilize and endanger the target's health and well-being.

Don't bother expending any effort to identify the hacker. While it's possible to find out who broke into your phone, most of these searches wind up failing. That's because most phone hackers operate on the dark web and behind proxy servers. They specialize in covering their tracks. Most cyberattacks and phone hacks are carried out via malware, anyway, so despite how personal it may feel, mostly it's not personal at all.

Read more
Gmail app hits 10 billion Play Store downloads, holds 53% of U.S. email market
Close up of various Google app icons including Google, Gmail, and Maps.

Google launched Gmail on April 1, 2004, and in 2022, the service hit a new milestone, with 10 billion downloads on the Google Play Store -- a figure that represents 53% of the U.S. email market. This makes Gmail the fourth app on the Play Store to achieve this landmark; the first three were Google Play Services (a requirement for nearly all Android phones that use Google services), YouTube, and Google Maps.

As of January 11, the Google Play Store shows that Google Chrome and Google Search have also crossed the 10 billion downloads mark. Meanwhile, Google Photos is trailing a little behind, at over 5 billion downloads.

Read more