A team of American researchers has identified a vulnerability in the operating systems iOS and Android, which can be through with a probability of 92% to hack Gmail and other popular services. Postal Service Google was one of the easiest targets of the tested applications.
The study's authors - Associate Professor, University of California Zhiyong Qian, Associate Professor, University of Michigan Chzhoutsin Morley Mao and her graduate student colleague Alfred Chen Qi. Scientists presented a report on the 23 th USENIX Security Symposium in San Diego.
Scientists have begun to work on this method, as they found that a large number of applications are now established risk factor for users. When a user downloads a number of different applications, they start to work in a shared infrastructure, that is the operating system of the smartphone.
"It is always assumed that these applications can not easily communicate with each other. We demonstrate that this assumption is false and one application can significantly affect the other and hurt the user, "- said Qian.
The method consists in the fact that a user installs on your smartphone innocuous at first glance, the program, such as "wallpaper" for the phone's screen. Once the application has been installed, the researchers were able to access the shared memory of your device, which stores statistical information about the processes. Shared memory - a feature that allows multiple processes in the operating system to communicate, and to access it does not require any special permissions.
Scientists track changes in shared memory and compare them to events such as logging on to Gmail or take a picture. Supplementing information on changes data obtained even from multiple sources, the study demonstrated that it is possible to accurately determine what information from the shared memory refers to the desired program.
At the conference, experts demonstrated how through the identification of vulnerable access applications Gmail with a 92 percent chance of success. In addition, they were able to intercept the pictures from the application Chase (83 percent), access to personal information, including addresses and Social Security numbers of applications, H & R Block (92 per cent), Newegg (86 per cent) and WebMD (85 per cent).
The researchers say that the method will not only work on Android, but also on iOS and Windows Phone, as they have the same need for the breaking function.