CHINA TOPIX

12/22/2024 05:00:28 pm

Make CT Your Homepage

New Malware Exploits Info Sharing Between Apps

Android Logo

(Photo : Wikimedia Commons)

Information such as sensitive images, login credentials and other data can be retrieved by malware that exploits newly uncovered information-leakage weakness on an operating system.

The exploit is also called a user interface interference attack, said a team of researchers from the University of California at Riverside and University of Michigan in a paper at the ESENIX Security Conference.

Like Us on Facebook

A user interface interference attack exploits the programming design of frameworks that share data and that let other applications collect data on the state of other apps.

Data can be collected by grabbing screen pixels. The process doesn't require any additional permission from Android.

The method allows an attacker to mount more convincing attacks by giving him the capability to ask about the state of a particular app.

The malicious software is able to generate a dialog box to retrieve usernames and passwords when it detects the user select a "login" button.

It can also do this if the user intends to take a photo of a confidential document or a check. The malware is quick to snap a second photo.

"Although UI state knowledge does not directly reveal user input, due to a lack of direct access to the exact pixels or screenshots, we find that it can effectively serve as a building block and enable more serious attacks such as stealing sensitive user input," researchers said.

Researchers said the attack app can determine the foreground activity of a specific application with 80 percent to 90 percent accuracy when it runs in the background.

The method utilizes a signature to recognize the new state after it detects changes in the state of the user interface of a targeted program.

The malware can accurately represent the status of a particular program b  generating a signature from four different events: the central processing unit usage of any drawing event; content offered by another program; size of any data packets sent and user input.

"The assumption has always been that these apps can't interfere with each other easily," Zhiyun Qian, an associate professor of computer security at UC Riverside and co-author of the paper said .

"We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."

Real Time Analytics