Great Motorola Edge deal on Amazon!

Any Android device not running Pie can be tracked and located thanks to new vulnerability

By
22comments
Android Google
Any Android device not running Pie can be tracked and located thanks to new vulnerability
A research report from research firm Nightwatch Cybersecurity reveals the latter's discovery of a new Android vulnerability. The flaw allows apps to ignore permissions to gain access to information that is found in system broadcasts. That includes the name of the Wi-Fi network being used by a device, BSSID, the MAC address of the device, DNS server information and local IP addresses.

With this information, a malicious app could locate, geolocate and track any Android device right down to a street address. In addition, a hacker could look around a Wi-Fi network unchallenged, and even attack it. There is some good news and bad news about this vulnerability. The good news is that Google apparently fixed the flaw with Android 9.0 Pie. The bad news is that less than .1% of Android users are running the latest build of Android on their phones. Nightwatch Cybersecurity says that Google is not planning on fixing this flaw on older versions of the OS.

Not only are older Android devices running pre-Pie builds vulnerable to this flaw, devices powered by a forked version of Android are also open to this attack. Amazon's Fire Phone and Fire Tablets are driven by this variant of Google's open source operating system, which relies on apps and content from Amazon instead of Google.

"System broadcasts by Android OS expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations."-Nightwatch Cybersecurity

Recommended Stories
Unfortunately, with Google deciding not to protect older versions of Android, and the distribution of Android 9.0 Pie as limited as any new Android build, your best bet is to refrain from sideloading any unofficial app that could be used to take advantage of the vulnerability.

https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

Two more companies want FCC action against T-Mobile for interference from 5G
Two more companies want FCC action against T-Mobile for interference from 5G
The 51 million customers affected by the AT&T data breach are getting free protection for 12 months
The 51 million customers affected by the AT&T data breach are getting free protection for 12 months
T-Mobile subscribers need to watch out for this scam which could wipe you out quickly
T-Mobile subscribers need to watch out for this scam which could wipe you out quickly
Make your Galaxy fingerprint scanner unlock faster as Samsung fixes what One UI 6.1 broke
Make your Galaxy fingerprint scanner unlock faster as Samsung fixes what One UI 6.1 broke
All T-Mobile plans now include full and clear details on 'typical' speeds, latency, fees, and more
All T-Mobile plans now include full and clear details on 'typical' speeds, latency, fees, and more
Doesn't matter if T-Mobile, AT&T or Verizon, don't fall for the ring: How to stay safe in a world full of tricks?
Doesn't matter if T-Mobile, AT&T or Verizon, don't fall for the ring: How to stay safe in a world full of tricks?

Latest News

Epic Amazon deal makes the Jackery Explorer 1000 power station cheaper than ever
Epic Amazon deal makes the Jackery Explorer 1000 power station cheaper than ever
Sony's premium WH-1000XM4 headphones are sweetly discounted at Best Buy and Amazon
Sony's premium WH-1000XM4 headphones are sweetly discounted at Best Buy and Amazon
In another sign of weakening iPhone dominance, Android expected to grow 2x faster than iOS
In another sign of weakening iPhone dominance, Android expected to grow 2x faster than iOS
Elon Musk cracks down on bots: New X users face temporary fee
Elon Musk cracks down on bots: New X users face temporary fee
The Lenovo Tab M10 Plus (3rd Gen) is your budget entertainment companion at that Amazon price
The Lenovo Tab M10 Plus (3rd Gen) is your budget entertainment companion at that Amazon price
The high-end Bose QuietComfort Earbuds II are available at an attractive price on Amazon
The high-end Bose QuietComfort Earbuds II are available at an attractive price on Amazon
FCC OKs Cingular\'s purchase of AT&T Wireless