GMail successfully hacked 92% of the time

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
Browser
Posts: 4857
Joined: Wed Sep 05, 2012 4:54 pm

GMail successfully hacked 92% of the time

Post by Browser »

University researchers have found a way to hack gmail accounts successfully using Apps. Apple may also be vulnerable.

http://money.msn.com/money-video/defaul ... elevancy#4
We don't know where we are, or where we're going -- but we're making good time.
German Expat
Moderator
Posts: 961
Joined: Fri Oct 16, 2009 10:49 pm

Re: GMail successfully hacked 92% of the time

Post by German Expat »

Your link asks for a Microsoft live account login?

I found a different link with no login required:

http://rt.com/news/182168-gmail-android ... -research/
User avatar
roymeo
Posts: 1278
Joined: Sat Apr 28, 2007 7:19 pm
Location: Oakland, CA
Contact:

Re: GMail successfully hacked 92% of the time

Post by roymeo »

Comment on the second one: "You missed the part where the attacker would need physical access to the device, and have to disable three different safety settings nobody ever touches."

proper headline: "Zero-day discovered by researchers, details given to developers of vulnerable software, paper to follow." Just run that one daily.
The sewer system is a form of welfare state. | -- "Libra", Don DeLillo
User avatar
Ice-9
Posts: 1579
Joined: Wed Oct 15, 2008 12:40 pm
Location: MD

Re: GMail successfully hacked 92% of the time

Post by Ice-9 »

The paper referenced in the article:
http://web.eecs.umich.edu/~alfchen/alfred_sec14.pdf
TheOscarGuy
Posts: 1562
Joined: Sat Oct 06, 2012 1:10 pm
Location: Where I wanna be.

Re: GMail successfully hacked 92% of the time

Post by TheOscarGuy »

This seems to work by way of app interacting with google mail app, and gaining control. One could argue that you just don't download "untrusted" apps, reducing the possibility, though not completely eliminating it, of getting your gmail hacked.

On a related note: who uses google mail app, and not configure their email service directly to use the built in (ios) email client?
German Expat
Moderator
Posts: 961
Joined: Fri Oct 16, 2009 10:49 pm

Re: GMail successfully hacked 92% of the time

Post by German Expat »

This was mainly about android and on android gmail is the default mail app
FreemanB
Posts: 374
Joined: Thu May 22, 2014 5:55 am

Re: GMail successfully hacked 92% of the time

Post by FreemanB »

TheOscarGuy wrote:This seems to work by way of app interacting with google mail app, and gaining control. One could argue that you just don't download "untrusted" apps, reducing the possibility, though not completely eliminating it, of getting your gmail hacked.

On a related note: who uses google mail app, and not configure their email service directly to use the built in (ios) email client?
It doesn't even look like it gains control of your app. It seemed more like it basically could monitor device to capture information, probably by monitoring memory locations, actions(The example in the article is taking a second picture of a check in a Chase app), and other internal processes that are actually separate from the app itself. This doesn't strike me as an app vulnerability as much as a general vulnerability any time a device is physically compromised. Even the researchers say that there has to be a balance between usability and vulnerability, and would suggest more secure system designs. I interpret it to basically mean that a compromised system(No matter what type) isn't secure. That isn't exactly news.

I use the Gmail app on my Android phone, and my wife uses it on her iPhone. I think she had problems with the native client back when she switched to Gmail, but I don't remember the details.
User avatar
Ice-9
Posts: 1579
Joined: Wed Oct 15, 2008 12:40 pm
Location: MD

Re: GMail successfully hacked 92% of the time

Post by Ice-9 »

Videos of the app being used to steal sensitive info: https://sites.google.com/site/uistatein ... tack/demos
(includes what permissions are needed for the attack to work)
mucho dinero
Posts: 172
Joined: Tue Feb 20, 2007 8:43 pm

Re: GMail successfully hacked 92% of the time

Post by mucho dinero »

Folks,

I am happy to see that this discussion is happening on this forum. For the last week I have been searching for information concerning this study. To the best of anyones knowledge does this have any implications relative to G-mails accounts or chrome browsers on Desk Tops or lap tops which are associated with Apple operating systems? I never use either my I-phone or I-pad devices for sensitive data. And when I am dealing with data that I would not want to be compromised I have been informed that the Chrome browser and G-mail are the best way to go.

Any advice relative to this issue would be greatly appreciated.
ASUGrad
Posts: 259
Joined: Sun Oct 20, 2013 8:09 pm

Re: GMail successfully hacked 92% of the time

Post by ASUGrad »

So basically what it does is that as long as you have the infected app running it steals anything you are doing. This isn't a gmail problem. Its an anything you are doing problem. Its basically like a key logger virus but it reads anything happening on the phone. It reads activity.

First line of defense. Be careful what apps you download.

Second. Avoid logging into sensitive accounts via a phone. This actually shows an area where having a service like Mint is beneficial. With the mint app you just click and it shows the balances in your accounts and activity. However it does NOT show account numbers. It also doesn't require logging into each account so there is no chance to steal log in information.

Third. 2 factor authentication. Sure the second form of authentication is normally a text which they would be able to see as soon as you read it on the phone, but the fact that you are getting the text would be a huge red flag alerting you to the fact that you had been hacked. :wink:
And when I am dealing with data that I would not want to be compromised I have been informed that the Chrome browser and G-mail are the best way to go.
On a computer chrome is the safest browser. Gmail with two factor authentication is still very secure. This virus isn't even hacking into gmail. It just allows the hacker to see what you see when you are on your phone. Yes this is verybad, but its very different from them having free rain over the account when you are away.

For sensitive information I will stick to my chromebook(what I'm using now), the gold standard in the level of protection a computer should have.
Sidney
Posts: 6784
Joined: Thu Mar 08, 2007 5:06 pm

Re: GMail successfully hacked 92% of the time

Post by Sidney »

ASUGrad wrote: Avoid logging into sensitive accounts via a phone.
In addition to this, I never give my phone access to any of the password reset email accounts.
I always wanted to be a procrastinator.
mucho dinero
Posts: 172
Joined: Tue Feb 20, 2007 8:43 pm

Re: GMail successfully hacked 92% of the time

Post by mucho dinero »

ASUGrad »said the following: "On a computer chrome is the safest browser. Gmail with two factor authentication is still very secure. This virus isn't even hacking into gmail. It just allows the hacker to see what you see when you are on your phone. Yes this is verybad, but its very different from them having free rain over the account when you are away.

For sensitive information I will stick to my chromebook(what I'm using now), the gold standard in the level of protection a computer should have."

Your answers written in the two paragraphs above is just what I was looking for, and it is music to my ears. I can now sleep well knowing that the results of the specific study relative to android phones is not applicable to my mainframe products. Thanks for taking the time to answer my question. Have a great week.
Also Sidney thank you for the advice not to use my i-phone to log into sensitive accounts. I follow this practice all ready, but it is all ways good to be reminded of good practices. You too have a great week.
Post Reply