Android vulnerability exposes users' data via wi-fi


Nightwatch Cybersecurity researchers identified a vulnerability in Android OS that exposes sensitive data via wi-fi broadcasts.

Researchers discovered that system broadcasts sent by Android devices expose information about the user's device to all applications running on it. These broadcasts can be intercepted, bypassing any permission checks and existing mitigations on the vulnerable device, according to a 29 August blog post.

“Because MAC addresses do not change and are tied to hardware, this can be used to uniquely identify and track any Android device even when MAC address randomisation is used,” researchers said in the post. “The network name and BSSID can be used to geolocate users via a lookup against a database of BSSID such as WiGLE or SkyHook.”

The vulnerability is in part due to application developers neglecting to implement restrictions that properly mask sensitive data. This leads to a common vulnerability within Android applications, in which a malicious application running on the same device can spy on and capture messages being broadcast by other applications.

The vulnerability was patched in Android P / 9. Because the fix would be a breaking API change, the vendor does not plan to fix prior versions of Android, so users are encouraged to update their systems as soon as possible.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition