Everyone knows that they need to be careful with their passwords, and do all they can to keep hackers out of their systems. Most people, however, have something of a sense of confidence because unless you are doing something stupid, you aren’t really that likely to get hacked. After all, for most people, hackers just aren’t that interested in putting the effort in to steal your data. If, however, hackers were able to quickly and easily steal your bank information, Gmail accounts and accounts on ecommerce sites with extremely high success rates; that may change.
According to researchers from the University of California, Riverside and the University of Michigan, they have developed a new hack that works 92% of the time to hack Google Gmail accounts on Android based devices. They boast similar success rates when attempting to hack the H&R Block app.
When trying to gather information from the Newegg app their success rate drops to just 86%. For the Chase bank app and hotels.com app, they are getting 83% success rates. The bottom line here is that if your android device were to get hacked using their system, they will almost certainly get your data. The really scary thing is that they report that while they will obviously not be using this strategy maliciously, there is no reason actual hackers can’t replicate it.
The only difficult part of the hack is that they need you to download an app that has their code on it. This, of course, is not very difficult. The Google Play store does not review apps very closely, so hackers have no trouble getting people to download malicious apps.
Once installed, the app will passively monitor your activity and wait for you to perform specific tasks. If, for example, you open up your chase banking app, it will put up a false login screen where you enter your username and password. To make it worse, the hack can also wait for you to perform the ‘mobile check cashing’ portion of the app. When you take a picture of a check you want to deposit, it will send the image to the hacker.
You can read more about the way this hack works on the University of California, Riverside website HERE. This is just one more reason why everyone needs to be more careful deciding which apps they want to install on their mobile devices.