Any Android device not running Pie can be tracked and located thanks to new vulnerability

A report from research firm Nightwatch Cybersecurity describes a newly discovered Android vulnerability. The flaw allows apps to bypass permission checks and read information carried in system broadcasts. That includes the name of the Wi-Fi network a device is using, its BSSID, the device's MAC address, DNS server information and local IP addresses.

With this information, a malicious app could locate, geolocate and track any Android device right down to a street address. In addition, a hacker could explore a Wi-Fi network unchallenged, and even attack it. There is good news and bad news about this vulnerability. The good news is that Google apparently fixed the flaw in Android 9.0 Pie. The bad news is that less than 0.1% of Android users are running the latest build of Android on their phones. Nightwatch Cybersecurity says that Google is not planning to fix this flaw in older versions of the OS.

Older Android devices running pre-Pie builds are not the only ones vulnerable to this flaw; devices powered by a forked version of Android are also open to this attack. Amazon's Fire Phone and Fire Tablets run such a variant of Google's open source operating system, one that relies on apps and content from Amazon instead of Google.


Unfortunately, with Google deciding not to protect older versions of Android, and the distribution of Android 9.0 Pie as limited as any new Android build, your best bet is to refrain from sideloading any unofficial app that could be used to take advantage of the vulnerability.
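
The exposure rule described above (pre-Pie builds, plus forks such as Amazon's Fire OS) can be applied to a device inventory to see which handsets need compensating controls. This is an added example, not code from Nightwatch Cybersecurity or the article; the CSV columns, device IDs and function names are assumptions, and the sample rows are constructed.

```python
import csv
import io

PIE_API_LEVEL = 28            # Android 9.0 Pie corresponds to API level 28
KNOWN_FORKS = {"fire os"}     # forks the article names as still exposed

# Constructed sample inventory (not real devices); column names are assumptions.
SAMPLE_INVENTORY = """device_id,os,release,api_level
d-001,Android,9,28
d-002,Android,8.1.0,27
d-003,Android,7.1.2,
d-004,Fire OS,6.3,25
d-005,Android,,
"""

def classify(row):
    """Return 'patched', 'exposed' or 'unknown' for one inventory row."""
    os_name = row["os"].strip().lower()
    if os_name in KNOWN_FORKS:
        return "exposed"      # the article reports forked builds as vulnerable
    if os_name != "android":
        return "unknown"      # not an OS this rule covers
    api = row["api_level"].strip()
    if api.isdigit():
        return "patched" if int(api) >= PIE_API_LEVEL else "exposed"
    # Fall back to the marketing release when the API level was not collected.
    major = row["release"].strip().split(".")[0]
    if major.isdigit():
        return "patched" if int(major) >= 9 else "exposed"
    return "unknown"          # no version data: needs manual review

def triage(inventory_csv):
    """Map each device_id in the CSV text to its exposure status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device_id"]: classify(row) for row in reader}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `unknown` have no usable version data and should be checked by hand rather than assumed safe.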

22 Comments

1. jonathanfiuwx

Posts: 178; Member since: Mar 10, 2017

Essential for the win yet again

4. GreenMan

Posts: 2694; Member since: Nov 09, 2015

Essential is definitely an essential phone at a great price. If you can live with the notch!

9. Shubham412302

Posts: 564; Member since: Nov 09, 2011

Essential phone does not even have essential components: Headphone Jack.

11. Feanor

Posts: 1327; Member since: Jun 20, 2012

Sony Xperia XZ3 for the win yet again.

2. GreenMan

Posts: 2694; Member since: Nov 09, 2015

Fake News. If conservatives can do it; then why can't I? So... Let's call it fake news and live in oblivion and denial; happily ever after. Too bad; my conscience won't let me! Oh well...

13. lyndon420

Posts: 6518; Member since: Jul 11, 2012

Conflicted comment dude. Are you saying it's fake news? You're gonna live in denial...but you have a conscience? This actually does come across as fake news...or at the very least a scare attempt to get everyone updated to android pie for some reason. Highly doubtful this new update will solve much, and besides...this new update will remove my ability to record phone calls which is something I'm not ready to give up.

3. Sweetcheese

Posts: 36; Member since: Aug 23, 2018

First to comment. YAY.. From the report, it seems this has been existing for a really long time and who knows what other flaws exist (and are currently being exploited) in our mobile devices.

12. worldpeace

Posts: 3099; Member since: Apr 15, 2016

First to... what? Not even close dude, better luck next time.

22. Sweetcheese

Posts: 36; Member since: Aug 23, 2018

Lol I think I might need the luck.

5. nodes

Posts: 1152; Member since: Mar 06, 2014

99% of Android phones then. my S8 will get Pie next year, too bad.

19. 47AlphaTango

Posts: 714; Member since: Sep 27, 2015

So as my note 8!

6. L0n3n1nja

Posts: 1521; Member since: Jul 12, 2016

There is no such thing as a secure computer system or OS. New flaws are always found, but thanks for attempting to spread fear.

7. Elvis358

Posts: 203; Member since: Mar 25, 2018

Ahh well at least Google took care of that less than .1% of the devices!!! XD

8. gdawilson

Posts: 297; Member since: Jul 21, 2014

This would only affect me if I sideloaded apps. Since I don't I'm not too worried. I'm disappointed with Google's lack of effort to fix this for everything pre-Pie

20. chromoid

Posts: 37; Member since: Oct 03, 2013

You're naive. Even apps from the store can listen to broadcasts. There could be a million apps doing it right now. I don't know how PhoneArena can put a comment like this, making people think apps from the store can't use the vulnerability.

10. Vokilam

Posts: 1111; Member since: Mar 15, 2018

Well, they said it’s only for android devices that don’t have latest update. Nothing to worry.

14. TMHKR

Posts: 202; Member since: Dec 08, 2012

In other words, buy a new phone. Thanks for nothing Goolag!

15. xfire99

Posts: 1205; Member since: Mar 14, 2012

Like Google aren't tracking already? Even private persons revealed themselves in social media like Facebook.

16. Marcwand3l

Posts: 416; Member since: May 08, 2017

Well I see that the author tried its best but it's not as big of a deal as it tries to imply. First you have to install a shady app by yourself. Second it can only track your location and third the option of attacking a Wifi network is just that, an option. It also sounds like a lot of effort so 99.99999% of Android users are safe anyway.

21. chromoid

Posts: 37; Member since: Oct 03, 2013

It's only one line to catch the broadcast. Maybe multiple if it's sent through multiple broadcasts. Easiest vulnerability to the most rookie developer if they got what it is. Apps in the store could use it, maybe even using it right now.

17. KakashiHatake4444

Posts: 74; Member since: Jul 30, 2018

Way to go Google, iOS is patiently awaiting all the customers who are super skeptic about these flaws in Android OS....

18. cmdacos

Posts: 3889; Member since: Nov 01, 2016

Wake me when anyone is affected. Plus your network provider already has all this info regardless of what device you have. What are they doing with the info? How securely are they holding the data? Also who cares where you are...
