Researchers Hack Android and iPhone Apps for Banking Data and Personal Info With Close to 100 % Success Rate

By CH Smith| Aug 22, 2014

On Saturday researchers will showcase their work around the ease of hacking into smart phone data. Think about all that private banking, password and personal information stored on your mobile device. Researchers in the U.S. apparently had a fairly easy time, more than 90 percent of the time, breaking into smart phones and tricking users with phony information that got them to access sensitive data.

The paper "Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks"  will be presented at the event in San Diego, according to Valuewalk.com. Researchers will be gathered to discuss the topic and others at the USENIX Security Symposium on Aug. 23.

Several of the key finds included hacking into tax apps and banking apps, which allowed the easy transfer of funds. What researchers did was create fake login screens that they could time to when the user was accessing their apps. From there they were able to gather the information. 

Most people assume that the apps their smarphone, both Android and iOS, don't work together, but they do and the holes in their security can be easily exploited. A University of California at Riverside associate professor Zhiyun Qian said the research was meant to challenge that assumption about smart phone apps. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user," he said.

The way researchers did this was by creating a wall paper app, one that provided a background for a cell phone, once that was loaded into a smarphone it was able to gain access to the phone's memory. From that memory access, which was targeted by the computer code the researchers wrote that the "shared memory slide channel" was attacked and allowed to gain entry into the other systems.

The apps that were the most open to attack included the Gmail app from Google for accessing emails; the banking app from Chase Bank; a tax app from H&R Block; the health focused app from WebMD  and the travelling app for Hotels.com, as well as the popular shopping app from Amazon.com. Amazon's app was reportedly the most difficult to crack open. 

Latest News