Researchers at the University of California’s College of Engineering and the University of Michigan have identified a weakness in Gmail’s mobile application that could allow malicious third-party apps to obtain personal information from users’ email accounts. The researchers found that 92 percent of Gmail accounts, and around 82 percent of the several apps they tested, can be cracked using the memory interrogation technique.
While this is an alarmingly high success rate, the important fact is that it predominantly results from social engineering attacks or downloads of infected applications rather than from a direct flaw in the Gmail application. This can probably be linked to the fact that both businesses and individuals are increasingly using a range of mobile applications from a variety of developers and sources. While these applications can have a lot to offer, it is important that users consider the access they may be inadvertently offering to third parties by using such services.
With applications often requiring a variety of access permissions, people need to be aware of the other functionality and systems running on their device that they might be making accessible to external parties and hackers. Individuals and businesses alike should carefully consider and research what applications they are downloading to their mobile devices to ensure they don’t inadvertently leave themselves open to attacks from hackers. Simple steps like only downloading apps from trusted stores and developers can massively reduce the risks of cyber-attacks that people are exposed to.
In the case of businesses, this should fall under a clearly defined data loss prevention strategy that covers all aspects of their IT operations. This includes both managing the applications used on corporate devices and ensuring staff receive the required training to reduce the risk of an infected app making its way onto the corporate network.