Researchers discover new cyber exploitation method Published Sept. 22, 2014 By Capt. Wesley Indharasophang 436th Operations Support Squadron DOVER AIR FORCE BASE, Del. -- On August 23, 2014, researchers from the University of California and the University of Michigan published a paper describing a new hacking technique that exploits the shared memory channel present in Windows, iOS and android smartphones. There are no special privileges needed to access the shared memory. The researchers tested the technique against multiple mobile applications. They found that the technique has a 92 percent effective rate against the Gmail App and between 82-92 percent effective rate against apps such as Chase (banking) and H&R Block. Many banking apps that allow the user to take an image of their check via mobile phone for deposit are potentially vulnerable to this exploitation of shared memory. How does someone become vulnerable this type of cyber compromise? The process for exploitation starts when the user downloads a malicious app. The App can be disguised as a wallpaper changer for example. Once the user downloads the malicious app, the app monitors the shared memory to determine the likely activity of the user and relays this information to the hacker. For example, the malicious app can determine based on diagnostic analysis, that the user is utilizing the Chase banking App and is about to input their username and password or take a picture for mobile deposit. Based on information from the malicious app, the hacker can then conduct their attack to gather personal information from the user. This information can then be used to conduct future cyber exploitation against the user or use it for other criminal activities. So how do you prevent this from happening? This vulnerability on your smartphone can only be exploited if the user downloads a malicious app. Apps from the Apple Store, Google Play, or other official android markets are generally safe. Downloading from unofficial sources increases your risk of being a cyber-victim. Further information on the University of Michigan study can be found at the following link: http://www.cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf.