Free Republic

Sneak Attack: Android Apps Can Ambush Each Other
tomsguide.com ^ | August 21, 2014 3:04 PM | Paul Wagenseil

Posted on 08/21/2014 4:48:46 PM PDT by BenLurkin

The problem arises because, due to limited resources, running applications must share some memory with other running applications so that they can all operate efficiently. Truly sensitive data is compartmentalized, but mundane tasks are often carried out in shared memory — and there's no task more mundane than running the nuts and bolts of the device's graphical user interface (GUI).

However, each change an app makes to the GUI requires a specific amount of memory, an amount that often directly and instantly affects the total amount of shared memory used on a given device. As the app's GUI changes, the shared-memory allocation rises and falls — in a way that can let other running apps know exactly what the target app is doing and thus carry out an indirect, or "side-channel," attack.

...

Chen, Mao and Qian then designed a malicious app that permanently ran in the background of the targeted device, as would a wallpaper app. It had no special permissions other than full network access -- but that was enough to transmit information to the attacker's own phone.

The malicious app lies in wait, monitoring the shared memory for signs that the target app is about to begin a sensitive process. At exactly the right moment, the malicious app interferes with the target app and hijacks the user experience to its own ends.

To steal typed information, the malicious app "seizes focus" and displays a phony input screen designed to look exactly like the corresponding real input screen. After the user types in his login credentials, credit-card number or Social Security number, the malicious app displays a phony error notification and returns the user to the real app's input screen.


TOPICS: Computers/Internet

1 posted on 08/21/2014 4:48:46 PM PDT by BenLurkin