A given security flaw usually hits only a single operating system at a time, but a new finding from researchers at the University of California and the University of Michigan shows a massive vulnerability across the Android, Windows, and iOS operating systems.
This means millions of apps within those ecosystems could potentially be exposed to compromise if the flaw is left unattended. That’s in addition to the risk of data theft if attackers make use of malicious apps.
Although the researchers performed the security tests on an Android-based mobile device, they also found that the attack method applies to the Windows Phone and iOS operating systems. The commonality of the attack method across all platforms could be attributed to the ability of apps to gain entry into a mobile device and collect sensitive information from the shared memory.
The researchers used a common scenario to see how the attack works. First, a user downloaded a random app, say, one for desktop background photos. Then the researchers exploited the public side channel, which represents the shared memory of the download. This shared memory was found to be accessible even without app privileges.
The researchers then kept track of the shared memory to tie changes in it to activity transitions. This lets them monitor every event that a user performs in an app. So when a user logs in to Gmail or an online bank account, there is a good chance that the details of that activity have been monitored.
For the attack to succeed, certain requirements must be met. First, attackers must perform the attack in real time to catch the moment when a potential victim logs in to an online account in social media or productivity software tools. Second, the attacker must keep the hack off the user's radar by doing it at the right time.
The researchers found that this method succeeded most of the time during their tests. They were also able to perform the test hack successfully on Gmail. However, the method failed most of the time when tested on Amazon. That is because of the system’s smooth transition of activities from one event to another, which makes it hard for attackers to time a hack.
Again, timing is key here for the hacker. So it can be said that Android makes it easy for attackers to perform the attack because of the ease with which the attack can be timed on this platform.
Users of this platform are advised not to install apps from third-party stores.