Nightwatch Cybersecurity, a cybersecurity company, found a new vulnerability. Because of it, attackers can find out the location of a smartphone or tablet.
The problem concerns all versions of the Android OS, except for the latest version – Pie. As reported in the organization’s blog, attackers can get the name of the Wi-Fi network, BSSID, DNS server information, local IP addresses and MAC address of the device. This way you can find out where the owner of the device is now, and where he lives.
Through the Intent message exchange, attackers can access network device data. To do this, unauthorised applications access WifiManager or WifiP2pManager. In theory, this should all be blocked, but Intent refers to the closed functions and transfers everything to the open network.
The problem is not so fatal if the user has Android 6 or higher: the MAC address through the API will not be accessible, access to it is closed. But you can get all the rest of the information.
This vulnerability Nightwatch Cybersecurity reported to Google in late March. At the moment, we know that the vulnerability is eliminated on Android 9.0 Pie. There is only one small problem: this operating system is installed on less than 0.1% of Android-devices. Quite a strange solution to the problem, do not you think?
If you look at the buyers of Android smartphones in general, then few people think about the security of personal data. People value the quality of the camera, the operating time of the device, its price. All these matters, there is no dispute. But the information that is stored in the phone and access to it by third parties is rarely recalled.
Nevertheless, this is another reason to think about before buying a phone, whether there will be regular updates, whether there will be “patches”.