Researchers at the University of Michigan and the University of California, Riverside, discovered that six out of seven popular apps could be hacked with up to a 92 percent success rate.
They found weaknesses believed to exist in the Android, Windows and iOS mobile operating systems that could be used to obtain personal information from unsuspecting users. They demonstrated the hack on an Android phone.
The researchers tested the method and found it was successful between 82 percent and 92 percent of the time on six of the seven popular apps they tested.
Among the apps they easily hacked were Gmail, Chase Bank and H&R Block. Amazon, with a 48 percent success rate, was the only app they tested that was difficult to penetrate.
The researchers believe their method will work on other operating systems because they share a key feature the researchers exploited in the Android system.
A user would be vulnerable if they downloaded an app that appeared to be benign but in reality was malware; hackers could then exploit this vulnerability to observe whatever personal data the user entered. One example might be when a user opens a banking app and logs in. The hacker would be notified and could begin an “activity hijacking attack,” allowing them to get a user’s personal information.
Another example could be when a check is deposited electronically. A “camera peeking attack” could steal the image of the check, allowing hackers access to sensitive information such as the bank account number, routing number and signature.
The researchers demonstrate the hacks on their website, showing how they were able to compromise seven different Android apps: WebMD, Gmail, Chase, H&R Block, Amazon, NewEgg and Hotels.com. They said they managed to hack into Gmail and H&R Block about 92 percent of the time. The Amazon app proved to be the least vulnerable, they said, with a hacking success rate of about 48 percent. They said this was most likely due to the UI model Amazon uses in its app; instead of having the same screen and different text, Amazon provides a different options menu for each activity.