Security researchers expose Gmail smartphone hack

Researchers from the Universities of Michigan and California say they’ve come up with a smartphone hack that can get into your Gmail account via your mobile device. A number of apps are affected by the vulnerability, but Gmail was exploited with a 92 percent success rate.

According to the details of the research, the hack — as you might expect — relies on a malware app posing as a genuine bit of software, so you should be safe if you take good care over what’s allowed to run on your handset. Once the malicious code is in place it can use a mobile device’s shared memory to jump into other apps, including Gmail.

“The assumption has always been that these apps can’t interfere with each other easily,” said Zhiyun Qian, one of the team working on the project. “We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.” Banking apps were also successfully breached using the same method.

The hack relies on being able to predict what the user will do next and timing an interception perfectly, so some apps proved more vulnerable than others. Of the seven apps tested, Gmail was the easiest to access, while the Amazon app was the most difficult. The exploit was run on an Android phone, though the researchers say the same principles can potentially be applied to iOS and Windows Phone.

Thanks to the procedures put in place to block and root out malware, the vulnerability reported here shouldn’t worry the majority of users. Nevertheless it’s a working demonstration of how a device’s shared memory can be misused, and another reminder to take care with your app installs — particularly if you’re on a rooted device.

A Google spokeswoman welcomed the report: “Third-party research is one of the ways Android is made stronger and more secure,” she said. The findings will be revealed in full at the USENIX Security Symposium in San Diego.

David Nield