Any Android device not running Pie can be tracked and located thanks to new vulnerability
by Alan Friedman / Sep 03, 2018, 12:11 AM
A research report from research firm Nightwatch Cybersecurity reveals the latter's discovery of a new Android vulnerability. The flaw allows apps to ignore permissions to gain access to information that is found in system broadcasts. That includes the name of the Wi-Fi network being used by a device, BSSID, the MAC address of the device, DNS server information and local IP addresses.
less than .1% of Android users are running the latest build of Android on their phones. Nightwatch Cybersecurity says that Google is not planning on fixing this flaw on older versions of the OS.With this information, a malicious app could locate, geolocate and track any Android device right down to a street address. In addition, a hacker could look around a Wi-Fi network unchallenged, and even attack it. There is some good news and bad news about this vulnerability. The good news is that Google apparently fixed the flaw with Android 9.0 Pie. The bad news is that
Not only are older Android devices running pre-Pie builds vulnerable to this flaw, devices powered by a forked version of Android are also open to this attack. Amazon's Fire Phone and Fire Tablets are driven by this variant of Google's open source operating system, which relies on apps and content from Amazon instead of Google.
Unfortunately, with Google deciding not to protect older versions of Android, and the distribution of Android 9.0 Pie as limited as any new Android build, your best bet is to refrain from sideloading any unofficial app that could be used to take advantage of the vulnerability.
Posts: 178; Member since: Mar 10, 2017
Essential for the win yet again
posted on Sep 03, 2018, 12:22 AM 1
Posts: 2694; Member since: Nov 09, 2015
Fake News. If conservatives can do it; then why can't I? So... Let's call it fake news and live in oblivion and denial; happily ever after. Too bad; my conscience won't let me! Oh well...
posted on Sep 03, 2018, 12:31 AM 0
Posts: 6452; Member since: Jul 11, 2012
Conflicted comment dude. Are you saying it's fake news? You're gonna live in denial...but you have a conscience? This actually does come across as fake news...or at the very least a scare attempt to get everyone updated to android pie for some reason. Highly doubtful this new update will solve much, and besides...this new update will remove my ability to record phone calls which is something I'm not ready to give up.
posted on Sep 03, 2018, 3:33 AM 3
Posts: 35; Member since: Aug 23, 2018
First to comment. YAY.. From the report, it seems this has been existing for a really long time and who knows what other flaws exist(and is currently being exploited) in our mobile devices.
posted on Sep 03, 2018, 12:33 AM 0
Posts: 3092; Member since: Apr 15, 2016
First to... what? Not even close dude, better luck next time.
posted on Sep 03, 2018, 2:55 AM 2
Posts: 285; Member since: Jul 21, 2014
This would only affect me if I sideloaded apps. Since I don't I'm not too worried. I'm disappointed with Google's lack of effort to fix this for everything pre-Pie
posted on Sep 03, 2018, 1:40 AM 0
Posts: 37; Member since: Oct 03, 2013
You're naive . Even apps from the store can listen to broadcast. There could be a million apps doing right now. I don't own how phone arena can put a comment like this making people think apps from the store can't use the vulnerability
posted on Sep 03, 2018, 10:42 PM 0
Posts: 389; Member since: May 08, 2017
Well I see that the author tried it's best but it's not as big of a deal as it tries imply. First you have to install a shady app by yourself. Second it can only track your location and tired the option of attacking a Wifi network is just that, an option. It's also sounds like a lot of effort so 99.99999% of android users are safe anyway.
posted on Sep 03, 2018, 6:25 AM 0
Posts: 37; Member since: Oct 03, 2013
It's only one like e to catch the broadcast. Maybe multiple if it's send through multiple broadcasts. Easiest vulnerability to the most rookie developer if they got what it is. Apps in the store could use it maybe even using it right now
posted on Sep 03, 2018, 10:47 PM 0
Posts: 3819; Member since: Nov 01, 2016
Wake me when anyone is affected. Plus your network provider already has all this info regardless of what device you have. What are they doing with the info? How securely are they holding the data? Also who cares where you are...
posted on Sep 03, 2018, 9:06 AM 0
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):