They say sharing is caring; although clearly ‘they’ never had siblings, because it was more like ‘sharing is nicking my stuff and giving me grief when I wanted it back’. And I feel pretty vindicated right now, because that’s exactly the kind of sharing that happens when you accidentally ‘share’ malicious code between your apps. Heads up to any smartphone users out there: researchers have found they’re able to break into a bunch of apps (with Gmail heading up the black list at a whopping 92% hack-rate) through a smartphone flaw. So unless you’re feeling really, really lucky, read on, and find out how you can beat the odds.
A coupla academics in the US have put together a report showing how they disguised malicious software in an app, and after victims downloaded it, used it to hack into their other apps through their smartphones’ shared memory; through this, they were able to access users’ sensitive data. Gmail was found to be one of the easiest to crack with a 92% break-in rate, and Amazon was the hardest out of those tested, with a (still fairly tragic) 48% success rate. The test was done on phones using the Android operating system but researchers reckon it’ll be a pretty similar situation for Windows and iOS too.
The experiment worked by accessing the shared memory within each phone through the dodge app, which then gave them access to other apps; it’s pretty big news as until now it was assumed that it wasn’t possible for apps to affect each other. Oops. They were then able to nick sensitive details by monitoring changes when users were logging into other apps, or taking pictures of cheques and things (which is how Chase Bank works, another app that was found to be weak). Because they could monitor when a user was logging into one of the apps and nab info at the same time, the user wouldn’t even be aware that anything had happened.
Unfortunately the real problem here is the way the OSs are put together, so developers really need to take a long hard look at either getting rid of the shared memory which enabled the hack or, at the very least, monitoring it better.
What you can do is be careful what you’re downloading. Don’t assume that if you download an app that looks a bit dodge it’s OK because you haven’t input anything sensitive on it – your information is still at risk. Only install apps from legit app stores. Check reviews and ratings to see how other people have gotten on (read: whether they’ve been rinsed for all they’re worth after downloading it) when picking up the latest emoji pack, anti-virus or ringtones (which tend to be the main culprits for dodgy software). So, whilst sharing is usually a good thing, in the case of hackers (and siblings) let’s make it that little bit harder for them to use sharing as an excuse to steal our stuff.