News8Plus-Realtime Updates On Breaking News & Headlines


Researchers uncover a hardware security vulnerability on Android phones

Credit: Unsplash/CC0 Public Domain

Could your smartphone be spying on you?

Hopefully not, and if so, not for long, thanks to a team of researchers at the University of Pittsburgh Swanson School of Engineering.

Their latest study found that the Graphics Processing Unit (GPU) in some Android smartphones could be used to eavesdrop on a user’s credentials when the user types these credentials using the smartphone’s on-screen keyboard, making it an effective target for hacking. This hardware security vulnerability exposes a much more serious threat to users’ sensitive personal data, compared to previous attacks that could only infer the user’s coarse-grained activities, such as the website being visited or the length of the password being typed.

“Our experiments show that our attack can correctly infer a user’s credential inputs, such as their username and password, without requiring any system privilege or causing any noticeable shift in the device’s operations or performance. Users wouldn’t be able to tell when it’s happening,” said Wei Gao, associate professor of electrical and computer engineering, whose lab led the study. “It was important to let manufacturers know that the phone is vulnerable to eavesdropping so that they can make changes to the hardware.”

A phone’s GPU processes all of the images that appear on the screen, including the pop-up animations when a letter of the on-screen keyboard is pressed. The researchers were able to correctly infer which letters or numbers were pressed more than 80 percent of the time, based solely on how the GPU produces the displayed keyboard animations.

“If someone were to take advantage of this weakness, they could build a benign application—like a game or other app—and embed malicious code into it that would run silently in the background after it’s installed,” said Gao. “Our experimental version of this attack could successfully target usernames and passwords being entered in online banking, investment, and credit reporting apps and websites, and we have proved that the embedded malicious codes in the app cannot be correctly detected by the Google Play Store.”

The researchers focused their experiments on the Qualcomm Adreno GPU, but this method could potentially be used for other GPUs as well. The team reported their findings to Google and Qualcomm, and Google confirmed that they will release an Android security update later this year to address the concern.

The paper, “Eavesdropping User Credentials via GPU Side Channels on Smartphones,” was coauthored by Boyuan Yang, Ruirong Chen, Kai Huang, Jun Yang, and Wei Gao. It was presented at the ASPLOS Conference, held Feb. 28 through March 4, 2022, in Lausanne, Switzerland.


Researchers uncover a hardware security vulnerability on Android phones (2022, April 4)
retrieved 4 April 2022
