According to a report from Nightwatch Cybersecurity a was recently found in system broadcasts by the Google operating system that could expose information about a user’s device to any applications running on the device.

Android broadcasts information about a user’s Wi-Fi connection, including the network name, local IP addresses, BSSID and the address, through a feature called intents. Using intents, the OS or any application on the device can read this .

Data such as MAC addresses are static and tied to the device meaning that an attacker could uniquely identify and track any Android device. MAC addresses have been hidden via APIs since Android version 6, however if a app were to eavesdrop, the data from the broadcasts can be captured. In addition to the MAC addresses, data such as the BSSID and network name can be used to geotrack users by using database lookups.

Millions of users are potentially impacted as all versions of Android, including OS forks such as Amazon’s FireOS for the Kindle, are affected. In early August, Google patched the flaw in Android P, commonly known as Android 9 Pie.

Google has declined to fix older versions of Android stating that to do so would be a breaking change. Users have been encouraged to upgrade to the latest version of Android.



Source link
thanks you RSS link
( http://feedproxy.google.com/~r/ProgrammableWeb/~3/hi3SH8MQW2g/03)

LEAVE A REPLY

Please enter your comment!
Please enter your name here