Malicious Apps Could be Using Your Phone's Shared Memory to Access Personal Information

By Tom Pritchard on at

Researchers at the University of California Riverside and the University of Michigan have identified a fatal flaw in the iOS, Android, and Windows Phone which could allow malicious apps to obtain personal information through the device's shared memory.

According to Zhiyun Qian, an associate professor at UC Riverside, it has always been assumed that apps could not communicate with each other via a device's shared memory, but it turns out that this isn't the case and their work shows the negative consequences installing one harmful app can have.

To demonstrate, the researchers had phones download an app that contained malicious code. Once installed they were able to use that code to access the shared memory of any programme that doesn't require special privileges. By monitoring the shared memory it became possible to see what the user was doing at any given time, and by timing things right researchers were able to replace app log-in screens with exact duplicates. If that were to happen in the real world, the creators of the malicious app would then be in possession of your log in details.

The researchers tested seven apps in total and found that Gmail was one of the easiest to crack (82-92 per cent success rate), while Amazon was the hardest (48 per cent success rate).

You can see how the process works in the videos below, and remember not to download untrusted apps in the future. [UCR Today via CNET]

Featured image from UCR Today