All Android versions affected by this vulnerability, except Pie

A recently published Nightwatch Cybersecurity analysis comes with an alert. All Android versions are affected by this vulnerability, including forks, except for Android Pie. Google fixed the issue at hand with Android 9 but plans no fixes for earlier versions of the OS. CVE-2018-9489 is the tracking code for the issue described.

Apparently, applications can circumvent permission checks and existing mitigations by listening to system broadcasts. These system broadcasts by Android OS, says the report, “expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address“. A rogue app gaining access to this information can use it to “identify and track any Android device”, and even geolocate it. Accessing other network information could also allow malicious apps to “explore and attack the local WiFi network”.

As mentioned, Google is aware of the problem, and has issued a fix. This fix will only be available, sadly, to those running the latest version of Android: Pie. Google “does not plan to fix older versions”, says Nightwatch Cybersecurity.

Discuss This Post

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Anton D. Nagy
Anton is the Editor-in-Chief of Pocketnow. As publication leader, he aims to bring Pocketnow even closer to you. His vision is mainly focused on, and oriented towards, the audience. Anton’s ambition, adopted by the entire team, is to transform Pocketnow into a reference media outlet.