[allisos]

Check out this article from the University of California, Riverside

UCR Today: Hacking Gmail with 92 Percent Success

They claim a 92 % success rate on hacking gmail.... among other apps. They went after gmail, H&R Block, Chase... not exactly small time apps with no security.

I may start deleting android apps after all....

Posted via CB10

[allisos]

Videos for the lazy:
https://sites.google.com/site/uistat...ceattack/demos

Posted via CB10

[notafanboy]

Even more reason to use a BlackBerry. It's to bad the lame stream media has re-educated the masses into thinking inferior phones like ios and Google are better.

Posted via CB10

[Traxxmy]

Check out this article from the University of California, Riverside

UCR Today: Hacking Gmail with 92 Percent Success

They claim a 92 % success rate on hacking gmail.... among other apps. They went after gmail, H&R Block, Chase... not exactly small time apps with no security.

I may start deleting android apps after all....

Posted via CB10

Better still just stay offline and disconnect yourself from the world. So paranoid about security. You making like BlackBerry is the most secure of all and other are noob when it comes to security.

Symbian is still and always my favourite Os. Nokia 808. FilePLAY Music Player

[Witmen]

The attack works by getting a user to download a seemingly benign, but actually malicious, app....

Like always, the attack requires the user to do something stupid first. Surely most people are smart enough not to download no name, supicious apps, or apps from untrusted sources.

Yet another cyber attack on the smartphone users of the world that will ultimately end up hurting absolutely no one (or atleast no one with a shred of common sense), but will be blown way out of proportion on CrackBerry forums.

[Varun Naive]

This is the reason I buy BlackBerry
BlackBerry rocks and rest shocks!!!

Zed 10 --� The BEAST

[allisos]

Gmail Hacked: Researchers Prove Infiltrating Popular Mobile Apps Is Easy [VIDEO]

No name app? What happens when hackers in a multimillion dollar spam industry, pay developers to make a useful app, and hide the code inside of it??

Like always, the attack requires the user to do something stupid first. Surely most people are smart enough not to download no name, supicious apps, or apps from untrusted sources.

Yet another cyber attack on the smartphone users of the world that will ultimately end up hurting absolutely no one (or atleast no one with a shred of common sense), but will be blown way out of proportion on CrackBerry forums.

[allisos]

Sure.... no other governments are spending any time at all on hacking.... its just some college kids.....

Please tell me people aren't this ignorant....

[AnimalPak200]

Once that app is installed, the researchers are able to exploit a newly discovered public side channel ? the shared memory statistics of a process, which can be accessed without any privileges. (Shared memory is a common operating system feature to efficiently allow processes share data.)

The researchers monitor changes in shared memory and are able to correlate changes to what they call an ?activity transition event,? which includes such things as a user logging into Gmail or H&R Block or a user taking a picture of a check so it can be deposited online, without going to a physical CHASE Bank. Augmented with a few other side channels, the authors show that it is possible to fairly accurately track in real time which activity a victim app is in.

I'm pretty sure a user running Android apps on BB10 would be just as vulnerable.

Posted via CB10

[allisos]

I'm pretty sure a user running Android apps on BB10 would be just as vulnerable.

Posted via CB10

Not if the android app is scanned by BlackBerry's new guardian service.

Posted via CB10

[AnimalPak200]

Not if the android app is scanned by BlackBerry's new guardian service.

Posted via CB10

This is true, however so far it seems like they have only scanned (for the comparison database) big-name apps, which is an interesting starting point considering these come from "trustworthy" companies/developers.

Posted via CB10

[allisos]

This is true, however so far it seems like they have only scanned (for the comparison database) big-name apps, which is an interesting starting point considering these come from "trustworthy" companies/developers.

Posted via CB10

I'm sure as the system ages and matures you will see an improved efficiency at which apps are scanned. The Guardian / Trend Micro arrangement hasn't been in place all that long after all.

Posted via CB10

[Ment]

Not if the android app is scanned by BlackBerry's new guardian service.

Posted via CB10

The Playstore has had malware scanning at the app store and device level before BB even thought about it for its runtime so there is no advantage there. In addition Google is likely to find out about vulnerabilities way before BB or its partners would about Android.

The question is do BB10 apps and runtime apps share the same memory space for GUI elements/display. If they do then in theory an malware infected apk could peek into running BB10 apps and then launch a false input screen. In practice highly unlikely as hackers try to get the most bang for their buck and BB does not have the marketshare.

[THBW]

The Playstore has had malware scanning at the app store and device level before BB even thought about it for its runtime so there is no advantage there. In addition Google is likely to find out about vulnerabilities way before BB or its partners would about Android.

The question is do BB10 apps and runtime apps share the same memory space for GUI elements/display. If they do then in theory an malware infected apk could peek into running BB10 apps and then launch a false input screen. In practice highly unlikely as hackers try to get the most bang for their buck and BB does not have the marketshare.

BlackBerry runs Android apps in a sandbox for a reason. Google simply has no effective control in malware. Sort of a duh.

Posted via CB10

[allisos]

BlackBerry runs Android apps in a sandbox for a reason. Google simply has no effective control in malware. Sort of a duh.

Posted via CB10

I was surprised to see that they had success on IOS and windows phone as well.... but no mention of blackberry... at a security conference? I wonder if they didn't test BlackBerry, or didn't have success...

Their paper emphasized how much "success" they had.

Posted via CB10

[DisturbedRocks31]

You can do the same with a BlackBerry 10 app though. If you give an app access to internet, it too can transmit your information from your super secure BlackBerry.

Security depends on the user's intelligence. BlackBerrys are not secure if a stupid person uses them incorrectly, just as Android and iOS devices are not secure if a stupid person uses them incorrectly.

[bakron1]

And if you would have read the entire article, google welcomed the data so they can improve their security measures.

In today's society with all the tools available to the criminals, nothing is 100% safe as long as your are connected to the grid, period.
Sent from my lovely z30 on T Mobile USA

[allisos]

And if you would have read the entire article, google welcomed the data so they can improve their security measures.

In today's society with all the tools available to the criminals, nothing is 100% safe as long as your are connected to the grid, period.
Sent from my lovely z30 on T Mobile USA

Ok.... this.... tools available to criminals? What tools?

This is a white paper on how hack android, along with video evidence of accomplishing just that.

It doesn't really make any logically sense to create blanket statements of "nothing is safe".

Show me video evidence of a BES10 BlackBerry being compromised. Pretty please.

Show me video evidence of bb10 10.2.1 having any kind of hack done to it. Rooting? Jail breaking?

Posted via CB10

[allisos]

You can do the same with a BlackBerry 10 app though. If you give an app access to internet, it too can transmit your information from your super secure BlackBerry.

Security depends on the user's intelligence. BlackBerrys are not secure if a stupid person uses them incorrectly, just as Android and iOS devices are not secure if a stupid person uses them incorrectly.

I guess you didn't read the article or whitepaper... this is code that could be built inside of an app, and doesn't require permissions. One of the attacks required network access, not all. This code could be embedded in an app from any source, and not necessarily an untrustworthy one.

This contains video of an android phone being hacked. Show me a video of a BlackBerry being hacked.

I'm willing to concede a BlackBerry is "just as vulnerable" when someone actually shows it happening. Until then, let's stick to facts. This is a whitepaper on how to hack android, IOS, and windows phone.


Posted via CB10

[allisos]

The Playstore has had malware scanning at the app store and device level before BB even thought about it for its runtime so there is no advantage there. In addition Google is likely to find out about vulnerabilities way before BB or its partners would about Android.

The question is do BB10 apps and runtime apps share the same memory space for GUI elements/display. If they do then in theory an malware infected apk could peek into running BB10 apps and then launch a false input screen. In practice highly unlikely as hackers try to get the most bang for their buck and BB does not have the marketshare.

BlackBerry has software on the phone that actually scans the code on the device... so it's another layer of interaction you're not even mentioning.


Posted via CB10

[bakron1]

Ok.... this.... tools available to criminals? What tools?

This is a white paper on how hack android, along with video evidence of accomplishing just that.

It doesn't really make any logically sense to create blanket statements of "nothing is safe".

Show me video evidence of a BES10 BlackBerry being compromised. Pretty please.

Show me video evidence of bb10 10.2.1 having any kind of hack done to it. Rooting? Jail breaking?

Posted via CB10

No software code is 100% safe and my evidence is reading articles and hearing news reports of high tech companies and even government servers being hacked and/compromised on a weekly basis.

These are companies who thought their systems where safe, well guess again, their not. If you think BES is 100% safe, well, I have always looked at history and a fool and his money are soon parted.

[jelp2]

No software code is 100% safe and my evidence is reading articles and hearing news reports of high tech companies and even government servers being hacked and/compromised on a weekly basis.

These are companies who thought their systems where safe, well guess again, their not. If you think BES is 100% safe, well, I have always looked at history and a fool and his money are soon parted.

How does the history of BES look? It's been around for over a decade? Maybe hackers only go for the noobs?

[allisos]

No software code is 100% safe and my evidence is reading articles and hearing news reports of high tech companies and even government servers being hacked and/compromised on a weekly basis.

These are companies who thought their systems where safe, well guess again, their not. If you think BES is 100% safe, well, I have always looked at history and a fool and his money are soon parted.

Again, please supply facts. All of these "servers"... are we talking about phones? BlackBerry software? And if they are so readily hacked, it should be easy to find proof... where is the article that clearly states BES was compromised? Where is any video evidence of a BlackBerry being hacked?

We all can go get proof for IOS, android, windows phone. I'll wait patiently for some facts. Ya know... the verifiable kind.

Posted via CB10

[allisos]

How does the history of BES look? It's been around for over a decade? Maybe hackers only go for the noobs?

Ya know... every significant government in the world uses it in an environment where everyone is trying to hack one another... and the best we heard of is hacking the phone system, or spoofing wifi.

Maybe hackers have low self esteem and think BES is too much of a challenge.

Posted via CB10

[DenverRalphy]

This is something every platform needs to be aware about. It's not an OS specific vulnerability, it's more an "every OS" vulnerability. The article itself even mentions that the engineers are confident that it should work on any OS.

It's basically an evolved form of stack crushing attacks, where hackers would basically use a method to force a program/app with poor Exception Handling to crash to discover where in memory particular pieces of data are stored, and subsequently grab that data. However, since most modern OS's today have built measures to mitigate that form of attack, the researchers at UCR seem to have found a new method to grab that same data in a different manner. Particularly troubling, is that it doesn't require crashing a process to succeed.

Every OS, even QNX/BB10, utilizes memory sharing. It's not an OS flaw so much as it's a "how modern day computers work" flaw.

The kicker though, is that each app needs to be studied intimately for the hack to work. The user has to be unaware that they've installed it, app stores need to be blind to it (every app store scans all apps now), and the OS needs to be blind to the attack (Android and BB10 scan on device, I don't know if iOS or WP have the ability). As well, timing has to be Johnny On The Spot to succeed.

It is a bit heartening to know that the hack has not been found in the wild. Though releasing the proof of concept will put others on the trail.

Sent from my SCH-I545 using Tapatalk