Android Gmail App Found Vulnerable to Exploit
Android users beware: Several high-profile apps containing sensitive information have vulnerabilities that malicious hackers can exploit, engineers said last Friday. Among the apps affected? Gmail.
Researchers Zhiyun Qian from the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan presented a paper at the Usenix cybersecurity conference showing that they were able to hack into the Android Gmail app with a 92 percent success rate. The numbers make Gmail one of the easiest to hack into out of the seven Android apps tested.
Gmail is the most widely used email service in the world, overtaking Hotmail in 2012 and now boasting over 500 million accounts.
Google, however, isn't too worried and seems to welcome the findings.
"Third-party research is one of the ways Android is made stronger and more secure," a Google spokesperson said.
The team of engineers also looked at Chase, H&R Block, Newegg, WebMD, Hotels.com, and Amazon Android apps. Chase was hacked 83 percent of the time, H&R Block 92 percent, Newegg 86 percent, WebMD 85 percent, and Hotels.com 83 percent. Amazon was the most resilient, allowing the hackers in only 48 percent of the time.
Several of the apps contain vital information, such as social security numbers, checking accounts and addresses. The method used is simple: Trick a user into installing a seemingly harmless app that then opens up a channel through which the hackers can manipulate the device.
So many different apps can be affected by the same malware because they all run on the same operating system.
"The assumption has always been that these apps can't interfere with each other easily," Zhiyun Qian said in a statement. "We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."
Representatives of both Chase and WebMD agreed, telling CNBC that the problem was with the operating system, not with the apps.
"H&R Block takes privacy and security very seriously, and we are in contact with appropriate parties to address these reports," H&R Block director of corporate communications Gene King said.
In the end, some analysts aren't too worried. The level of expertise needed, they say, should keep such malware out of mass circulation. Still, the researchers are confident that they could recreate similar scenarios on other operating systems such as Apple's iOS or Microsoft's Windows.