Security bods: Android system broadcasts enable user tracking

This topic contains 0 replies, has 1 voice, and was last updated by UK Sentinel 1 week, 4 days ago.

  • Author
    Posts
  • #539
    UK Sentinel
    Moderator

    Security researchers have found a way to sniff Android system broadcasts to expose Wi-Fi connection information to attackers.

    Tracked as CVE-2018-9489, the issue was discovered by Nightwatch Cybersecurity and published yesterday. If you can, upgrade to Android 9 (Pie), because there’s no plan to fix older versions.

    What they found was that the system broadcasts spaff “Wi-Fi network name, BSSID, local IP addresses, DNS server information and the MAC address” to any application running on the device, even though this is supposed to be protected information, “bypassing any permission checks and existing mitigations”.

    The reason older Android versions won’t get a fix, the post claimed, is that Google said it would break older APIs.

    The problem is in how application developers use what Android calls “intents” for inter-process communication. The Nightwatch post explained: “While functionality exists to restrict who is allowed to read such messages, application developers often neglect to implement these restrictions properly or mask sensitive data”.

    To follow this story, check this link
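
The restriction mechanism the Nightwatch quote refers to, seen from the side of an app that sends its own broadcast, as an added example (not code from the post or from Nightwatch). The action, permission and package names are hypothetical, and the permission is assumed to be declared in the sender's manifest with `android:protectionLevel="signature"`.

```java
import android.content.Context;
import android.content.Intent;

/** Added illustration: an unrestricted broadcast beside a restricted one. */
public final class NetworkStatusNotifier {
    // Hypothetical names, used only for this example.
    static final String ACTION_STATUS = "com.example.netstatus.STATUS_CHANGED";
    static final String PERMISSION_READ = "com.example.netstatus.permission.READ_STATUS";
    static final String TRUSTED_PACKAGE = "com.example.netstatus.viewer";

    // Weak form: an implicit broadcast with no receiver permission. Every app
    // with a receiver registered for ACTION_STATUS is handed the raw values.
    static void notifyUnrestricted(Context ctx, String ssid, String bssid, String mac) {
        Intent intent = new Intent(ACTION_STATUS);
        intent.putExtra("ssid", ssid);
        intent.putExtra("bssid", bssid);
        intent.putExtra("mac", mac);
        ctx.sendBroadcast(intent);
    }

    // Restricted form: delivery is limited to one package, the receiver must
    // hold PERMISSION_READ, and hardware addresses are masked before sending.
    static void notifyRestricted(Context ctx, String ssid, String bssid, String mac) {
        Intent intent = new Intent(ACTION_STATUS);
        intent.setPackage(TRUSTED_PACKAGE);
        intent.putExtra("ssid", ssid);
        intent.putExtra("bssid", maskHardwareAddress(bssid));
        intent.putExtra("mac", maskHardwareAddress(mac));
        ctx.sendBroadcast(intent, PERMISSION_READ);
    }

    // Keeps the first three octets and zeroes the device-specific half.
    // Null or malformed input yields a fixed placeholder, so an unexpected
    // value is never passed through unmasked.
    static String maskHardwareAddress(String addr) {
        if (addr == null || !addr.matches("(?i)([0-9a-f]{2}:){5}[0-9a-f]{2}")) {
            return "02:00:00:00:00:00";
        }
        return addr.substring(0, 8) + ":00:00:00";
    }
}
```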