Vulnerabilities in Android allow malware to read device information even without permission
A vulnerability in Android allows poisoned applications to pass the request to allow the right to read device information, thereby 'peeking out' more information than allowed, including the ability to help it track equipment location.
A vulnerability in Android allows poisoned applications to pass the request to allow the right to read device information, thereby 'peeking out' more information than allowed, including the ability to help it track equipment location.
Discovered by Nightwatch Cybersecurity, this vulnerability affects every version of Andorid, except the newly released OS is Android 9 or Android Pie.The vulnerability code is CVE-2018-9489 and the possibility is not fixed.
'The vendor will fix the bug on Android P / 9, because it will have to change API a lot, so there are no plans to fix it on previous Android versions.Users should upgrade to Android 9 / P or newer versions, "Nightwatch Cybersecurity said.
With this vulnerability, malicious applications can bypass the level of user information access, read device information, from WiFi network names, IP addresses to DNS server information, MAC address.Researchers warn that it will open the door for malicious behaviors such as tracking device location.
Users only have to update Android Pie if they want to patch this security hole
'The MAC address is unchanged, tied to the device, so it can be used to identify and monitor Android devices even when using a random MAC address.Network name and / or BSSID can be used to locate users by searching on databases such as WiGLE or SkyHook.Other network information can also be used to find out, attack WiFi networks'.
This security vulnerability has been reported to Google since March this year, but has only been overcome by the tech giant on the latest Android version.So the only way to secure your device is to update it to Android Pie.However, this is not easy because most OEMs are still planning to update the OS, maybe a few months away.
See more:
- Phones from 11 manufacturers may be attacked by hidden AT commands
- Fortnite for Android has a security vulnerability
- Millions of Android devices stick with security holes in firmware, hackers can exploit to lock users' machines
You should read it
- IBM developed a new technology to patch security holes
- A serious security error appeared on Android that allowed hackers to control smartphones through a photo
- Fortnite for Android has a security vulnerability
- Android apps used by the US military in combat have security holes
- Find security holes on every site with Nikto
- Security vulnerabilities - basic insights
- 9 misconceptions about security and how to resolve
- The malicious video file causes users to lose control of the device 'storming' in the Android world
- The NSA identifies 4 'critical' security vulnerabilities of cloud systems
- 5 common errors in managing security vulnerabilities
- How to scan websites for potential security vulnerabilities with Vega on Kali Linux
- Settings that help improve the security of your Android device
Maybe you are interested
Instructions to turn off the Spotify Canvas feature Instructions for creating pin code in Windows 10 Install 'sirens' for Windows with Predator 8 security issues to keep in mind when recycling hardware 25 Free File Shredder software deletes security data for computers Apple completed the purchase of Beats Audio