Researchers to 9 2% The success rate of hijacking the Gmail application-vulnerability warning-the black bar safety net

ID MYHACK58:62201452884
Type myhack58
Reporter 佚名
Modified 2014-08-25T00:00:00


You from a third party site to download a Wallpaper application, it does not require any permissions, so you figure it won't be the malicious applications.

But the University of California, Riverside researchers published a study PDF that does not require any permission the app can also steal your sensitive information.

This attack method is called the UI state inference attack, they targeted platform is Android, but think the otheroperating systemthere is a similar weakness.

The program opens a window needs to occupy a memory, a malicious program by monitoring the used memory and unused memory change, it can be inferred that you opened a which program of what window, such as a malicious program author to observe to open a PayPal login window take up how much memory is installed in your phone on the malicious program to monitor to the already occupied memory increased the same as the size of the space, it can infer that you are opening the PayPal login window, it can pop up a fake PayPal login window, lured you to enter the login information.

Through the statistical analysis process of the shared memory changes, the researchers were able to 9 2% The success rate of hijacking the Gmail application.