A group of researchers are claiming they’ve been able to hack Gmail and other services with a 92% success rate. Among those found to be vulnerable to the attack were several apps which house important financial info, as well as personal data. The group is set to release their findings at a cybersecurity conference in San Diego soon.
Other affected apps include Chase (the banking app), Newegg, WebMD, and hotels.com. Amazon was also noted as being vulnerable, but theirs was the hardest app to crack (48% success rate). The hack is simple, clearly effective, and likely easy to recreate.
Malware is placed in an app, which you would download to your device. Via the shared memory space on the device, hackers could tell when you were using an app such as Gmail, and use that opportunity to pinch your information. Zhiyun Qian, a researcher at the University of California and one of the researchers from the team, said “The assumption has always been that these apps can't interfere with each other easily. We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user.”
One very serious threat came via the Chase banking app. A feature of that app is that a customer can simply take a picture of a check for deposit, rather than visiting the bank in person. This hack gave access to the camera, effectively giving hackers access to other account info and signatures, all from looking at the check.
This hack was accomplished on Android, but researchers theorize it could be accomplished on any mobile operating system.