They found out weaknesses believed to exist in Android, Windows and iOS mobile operating systems that could be used to obtain personal information from unsuspecting users. They demonstrated the hack in an Android phone. The researchers tested the method and found it was successful between 82 per cent and 92 per cent of the time on six of the seven popular apps they tested. The researchers believe their method will work on other operating systems because they share a key feature researchers exploited in the Android system. A user would be vulnerable if they downloaded an app that appeared to be benign but in reality was malware; hackers could then exploit this vulnerability to observe whatever personal data the user entered. One example might be when a user opens a banking app and logs in. The hacker would be notified and could begin an “activity hijacking attack,” allowing them to get a user’s personal information. Another example could be when a check is deposited electronically. A “camera peeking attack” could steal the image of the check, allowing hackers access to sensitive information such as the bank account number, routing number and signature.
