New Malware Exploits Info Sharing Between Apps
| Marc Maligalig | | Aug 25, 2014 05:44 AM EDT |
(Photo : Wikimedia Commons)
Information such as sensitive images, login credentials and other data can be retrieved by malware that exploits newly uncovered information-leakage weakness on an operating system.
The exploit is also called a user interface interference attack, said a team of researchers from the University of California at Riverside and University of Michigan in a paper at the ESENIX Security Conference.
Like Us on Facebook
A user interface interference attack exploits the programming design of frameworks that share data and that let other applications collect data on the state of other apps.
Data can be collected by grabbing screen pixels. The process doesn't require any additional permission from Android.
The method allows an attacker to mount more convincing attacks by giving him the capability to ask about the state of a particular app.
The malicious software is able to generate a dialog box to retrieve usernames and passwords when it detects the user select a "login" button.
It can also do this if the user intends to take a photo of a confidential document or a check. The malware is quick to snap a second photo.
"Although UI state knowledge does not directly reveal user input, due to a lack of direct access to the exact pixels or screenshots, we find that it can effectively serve as a building block and enable more serious attacks such as stealing sensitive user input," researchers said.
Researchers said the attack app can determine the foreground activity of a specific application with 80 percent to 90 percent accuracy when it runs in the background.
The method utilizes a signature to recognize the new state after it detects changes in the state of the user interface of a targeted program.
The malware can accurately represent the status of a particular program b generating a signature from four different events: the central processing unit usage of any drawing event; content offered by another program; size of any data packets sent and user input.
"The assumption has always been that these apps can't interfere with each other easily," Zhiyun Qian, an associate professor of computer security at UC Riverside and co-author of the paper said .
"We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."
TagsMalware, hackers, Data collection, Data breach, Data, Tablet, Android tablet
©2015 Chinatopix All rights reserved. Do not reproduce without permission
EDITOR'S PICKS
-
Did the Trump administration just announce plans for a trade war with ‘hostile’ China and Russia?
-
US Senate passes Taiwan travel bill slammed by China
-
As Yan Sihong’s family grieves, here are other Chinese students who went missing abroad. Some have never been found
-
Beijing blasts Western critics who ‘smear China’ with the term sharp power
-
China Envoy Seeks to Defuse Tensions With U.S. as a Trade War Brews
-
Singapore's Deputy PM Provides Bitcoin Vote of Confidence Amid China's Blanket Bans
-
China warns investors over risks in overseas virtual currency trading
-
Chinese government most trustworthy: survey
-
Kashima Antlers On Course For Back-To-Back Titles
MOST POPULAR
LATEST NEWS
Zhou Yongkang: China's Former Security Chief Sentenced to Life in Prison
China's former Chief of the Ministry of Public Security, Zhou Yongkang, has been given a life sentence after he was found guilty of abusing his office, bribery and deliberately ... Full Article
TRENDING STORY
China Pork Prices Expected to Stabilize As The Supplies Recover
-
Elephone P9000 Smartphone is now on Sale on Amazon India
-
There's a Big Chance Cliffhangers Won't Still Be Resolved When Grey's Anatomy Season 13 Returns
-
Supreme Court Ruled on Samsung vs Apple Dispute for Patent Infringement
-
Microsoft Surface Pro 5 Rumors and Release Date: What is the Latest?
