New flaw detected in Android operating system leaks data through WiFi

by Julie Splinters - -

A new vulnerability has been discovered in the Google’s mobile operating system Android.[1]

The vulnerability can be exploited to broadcast sensitive system data through the WiFi network broadcasting signals and transfer sensitive information about the user's device to all applications running on the vulnerable Android device that can be intercepted.

Vulnerability in AndroidThe vulnerability could be exploited to transfer sensitive data to all of the apps installed on the device

Security researchers at Nightwatch CyberSecurity revealed that the flaw can be used to transfer the data to all of the apps on the vulnerable device. In other words, user’s information, including WiFi network name, BSSID, local IP addresses, DNS server information, and MAC address can be leaked.[2]

Some parts of the mentioned information are either difficult to access or unavailable in Android 6.0 and later versions. However, if the installed apps on the device are connected to the broadcasts, they can bypass the security and derive the DATA.

According to the security researchers at Nightwatch CyberSecurity, the biggest security concern is with data such as the device’s MAC address[3] breach because the MAC Addresses are always unique to the certain devices.

Because MAC addresses do not change and are tied to hardware, this can be used to uniquely identify and track any Android device even when MAC address randomization is used. The network name and BSSID can be used to geolocate users via a lookup against a database of BSSID such as WiGLE or SkyHook.

The vulnerability causes a severe violation of privacy and security and is in part due to developers neglecting to apply restrictions so the sensitive data would be properly secured.

It is not the first instance when security researchers detect a vulnerability within Android apps where a dangerous and malicious app which runs on the same infected Android device can gather sensitive information, spy on users or capture messages being broadcast by other apps. Remember recently detected extremely serious vulnerability that has been discovered in the popular game’s Fortnite[4] installer. The vulnerability could be exploited in order to manipulate the installation process to download malicious apps.

Users are encouraged to update their Android system as soon as possible 

Users are recommended to update their Android versions, as the vulnerability was patched in Android P / 9. It is worth to mention that due to breaking API change, prior versions of the Android operating systems will not be patched, so make sure to increase your device’s security and update your Android operating system as soon as possible.

In addition, to keep your Android smartphone and tablet protected, make sure to get the right Internet Security and Antivirus Application for your Android device. Check it out the latest reviews in Reviewed by Pro Security section or the Best antivirus protection for Android in 2018.

About the author

Julie Splinters
Julie Splinters - VPN service analyst

Julie Splinters is a VPN service analyst at Reviewedbypro.com, who specializes in VPN services and anti-spyware applications. Her major of English Philology and her passion for IT helped her choose the path of an IT writer.

Contact Julie Splinters
About the company Esolutions

References



Ask
now online
news
Subscribe
Privacy
Security
Recovery
Utilities
Like us on Facebook