Vulnerabilities in Android allow malware to read device information even without permission
A vulnerability in Android allows poisoned applications to pass the request to allow the right to read device information, thereby 'peeking out' more information than allowed, including the ability to help it track equipment location.
Discovered by Nightwatch Cybersecurity, this vulnerability affects every version of Andorid, except the newly released OS is Android 9 or Android Pie.The vulnerability code is CVE-2018-9489 and the possibility is not fixed.
'The vendor will fix the bug on Android P / 9, because it will have to change API a lot, so there are no plans to fix it on previous Android versions.Users should upgrade to Android 9 / P or newer versions, "Nightwatch Cybersecurity said.
With this vulnerability, malicious applications can bypass the level of user information access, read device information, from WiFi network names, IP addresses to DNS server information, MAC address.Researchers warn that it will open the door for malicious behaviors such as tracking device location.
Users only have to update Android Pie if they want to patch this security hole
'The MAC address is unchanged, tied to the device, so it can be used to identify and monitor Android devices even when using a random MAC address.Network name and / or BSSID can be used to locate users by searching on databases such as WiGLE or SkyHook.Other network information can also be used to find out, attack WiFi networks'.
This security vulnerability has been reported to Google since March this year, but has only been overcome by the tech giant on the latest Android version.So the only way to secure your device is to update it to Android Pie.However, this is not easy because most OEMs are still planning to update the OS, maybe a few months away.
See more:
- Phones from 11 manufacturers may be attacked by hidden AT commands
- Fortnite for Android has a security vulnerability
- Millions of Android devices stick with security holes in firmware, hackers can exploit to lock users' machines
You should read it
- Fortnite for Android has a security vulnerability
- Android apps used by the US military in combat have security holes
- Find security holes on every site with Nikto
- Security vulnerabilities - basic insights
- 9 misconceptions about security and how to resolve
- The malicious video file causes users to lose control of the device 'storming' in the Android world
- The NSA identifies 4 'critical' security vulnerabilities of cloud systems
- 5 common errors in managing security vulnerabilities
May be interested
- Already have Samsung Internet 9.0 with many upgrade points, invite you to download and experiencesamsung internet is one of the browsers that brings quality and good experience to users. recently, samsung internet 9.0, the version for galaxy s9 + built on android 9 pie has appeared.
- Facebook was attacked, more than 50 million user accounts are at risk of being leakedmore than 50 million facebook user accounts are affected by a recent cyber attack. this is a new announcement released by the world's largest social network.
- There is a new zero-day vulnerability in Windowsthe vulnerability posted on twitter and on github also has a poc that demonstrates one of the ways this error exploits the machine, making it impossible to boot.
- If you do division by 0 on a computer, what will happen?the video in the lesson will show you how crazy the computer is when doing calculations divided by 0.
- China has at least 10 PoP presence points to hijack the network architecturechina is using bgp hijack and creating new paths for network traffic in western countries through one of their largest telecommunications companies.
- iPhone X, iPhone 8 may slow down after upgrading to iOS 12.1apple has quietly added performance management - managing its performance on iphone 8, 8 plus and iphone x models.