Home > News > You Thought Gmail Was Safe?

You Thought Gmail Was Safe?

You were wrong…

Michael Cruickshank
You Thought Gmail Was Safe?© 2018 Google

Google’s Gmail service is one of the world’s most popular webmail clients. With over 425 million users, any bugs within the service’s code would represent a massive and hugely profitable target for hackers. For this reason, a recent research paper by a group of white hat hackers from the University of California and the University of Michigan is all the more alarming.

"[A] breach is indeed possible, leading to severe security consequences."

This team found a massive security breach within the basic code of the Android operating system that leaves up to 92% of all Gmail accounts vulnerable to hacking. They managed to find a vulnerability within the GUI (graphical user interface) of the Android operating system which revolved around the ‘state’ information for the GUI being poorly protected. A background malicious app could be used to analyse this information then be tasked with stealing sensitive information such as passwords and usernames.

Surprisingly… on the Android system such GUI confidentiality breach is indeed possible, leading to severe security consequences.” they explain in their research paper.

Image: © 2014 Flickr - Ash Kyd

Almost nowhere is safe from hackers online.

As this was a flaw within the Android operating system, not just Gmail, the team was also able to utilise it to attack other popular applications. While Gmail was the easist to break, they also had sucess accessing information from the apps of H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.

This new approach to hacking the Android operating system will have programmers scrambling to update their apps, and patch this newly found vulnerability, as indeed was the motivation for this team to publicly release their findings. Regardless, this is just one more piece of evidence that almost nowhere is safe from hackers online, especially high profile targets.

Related articles

This page is currently only available in English.