Researchers from the University of California Riverside’s Bourns College of Engineering have identified a weakness in Android which allows personal data to be obtained from apps.
The researchers believe their method will work on other operating systems because they share a key feature researchers exploited in the Android system. However, they haven’t tested the program using the other systems yet.
The attack involves a person to get a very simple app like a one to display a wallpaper . Once the malicious app is installed, the researchers can exploit a newly discovered public side channel, the shared memory statistics of a process, which can be accessed without any privileges.
Shared memory is an operating system feature commonly used to allow apps to share data. By monitoring changes that take place in it researchers are able to correlate them to what they call an “activity transition event,” which includes such things as a user logging on to Gmail.
Users are requested not to install untrusted apps. Also the researchers have mentioned that the operating system itself will need some more security upgrades if such hacks have to be stopped.Share