A research report from research firm Nightwatch Cybersecurity reveals the latter’s discovery of a new Android vulnerability. The flaw allows apps to ignore permissions to gain access to information that is found in system broadcasts. That includes the name of the Wi-Fi network being used by a device, BSSID, the MAC address of the device, DNS server information and local IP addresses.
With this information, a malicious app could locate, geolocate and track any Android device right down to a street address. In addition, a hacker could look around a Wi-Fi network unchallenged, and even attack it. There is some good news and bad news about this vulnerability. The good news is that Google apparently fixed the flaw with Android 9.0 Pie. The bad news is that less than .1% of Android users are running the latest build of Android on their phones. Nightwatch Cybersecurity says that Google is not planning on fixing this flaw on older versions of the OS.
Not only are older Android devices running pre-Pie builds vulnerable to this flaw, devices powered by a forked version of Android are also open to this attack. Amazon’s Fire Phone and Fire Tablets are driven by this variant of Google’s open source operating system, which relies on apps and content from Amazon instead of Google.
Unfortunately, with Google deciding not to protect older versions of Android, and the distribution of Android 9.0 Pie as limited as any new Android build, your best bet is to refrain from sideloading any unofficial app that could be used to take advantage of the vulnerability.
Let’s block ads! (Why?)