Gmail mobile app is vulnerable to 92pc of hacks, say researchers

22 Aug 2014

The Gmail mobile app, one of the most used in the world, is vulnerable to attacks from malicious apps that have a successful attack rate of 92pc, a team of researchers has found.

The team from the University of California came across the flaw in the system by running a malicious piece of code through the Gmail app that, if implemented, could obtain the user’s personal information and any other details stored in his or her Gmail account.

However, according to CNet, while the tests were run exclusively through the Android operating system, the team members believe the same vulnerability exists in both iOS and Windows Phone.

In their test, which they have documented online, they placed the code within a seemingly harmless-looking app that offered new wallpapers, but once downloaded, spreads to the phone’s shared memory statistics, which infiltrates not just Gmail, but any app interconnected with it.

Despite a successful attack rate of 92pc, the researchers still needed a two-step process to pull off a successful attack. The hackers had to act at the exact same time the phone user is connecting to the service, and they had to conduct their activities without arousing the user’s suspicion.

Two other apps that have also been found to be affected by the hack attempts included Hotels.com, which was found to have an 83pc failure rate in preventing an attack, while Amazon’s app has been found to have a 48pc failure rate.

Assistant professor at UC Riverside and member of the research team, Zhiyun Qian, said the assumption has always been that these apps can’t interfere with each other easily.

“We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.”

Gmail Android app image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com