Internal system broadcasts inside the Android OS have been found to expose sensitive user and device details. Apps installed on the phone can access this data without the user's consent. The data leaked by the broadcasts includes the WiFi network name, the WiFi network BSSID, local IP addresses, the device's MAC address and DNS server information. While this data may appear useless, it would help advertisers track users' online activity.
Where did the leak take place?
The leak stems from an internal Android OS feature called "intents", a messaging mechanism that lets applications and OS functions communicate on an Android device. Mobile security researchers from Nightwatch Cyber Security found that the Android OS broadcasts information about the WiFi connection and the WiFi network using two separate intents, WifiManager's NETWORK_STATE_CHANGED_ACTION and WifiP2pManager's WIFI_P2P_THIS_DEVICE_CHANGED_ACTION.
Third-party apps installed on Android, including those with advertising components, can register listeners for the two intents and capture the WiFi-related information even if the application does not have permission to access the phone's WiFi feature, which the user would grant in a normal scenario.
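As an added example (not code from the article or from Nightwatch Cyber Security), the following Python script audits a decoded AndroidManifest.xml and flags receivers that listen for the two broadcasts while the app lacks the WiFi permission. The action strings are the Android SDK values of the two constants; ACCESS_WIFI_STATE as the relevant permission, the function name audit_manifest and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Android SDK string values of the two broadcast actions named in the article.
LEAKY_ACTIONS = {
    "android.net.wifi.STATE_CHANGE": "WifiManager.NETWORK_STATE_CHANGED_ACTION",
    "android.net.wifi.p2p.THIS_DEVICE_CHANGED":
        "WifiP2pManager.WIFI_P2P_THIS_DEVICE_CHANGED_ACTION",
}
# Assumption: the permission an app would normally request to read WiFi details.
WIFI_PERMISSION = "android.permission.ACCESS_WIFI_STATE"


def audit_manifest(manifest_xml):
    """Return (receiver, action_constant, has_wifi_permission) per finding.

    has_wifi_permission == False is the case the article describes: the app
    can receive WiFi details it never asked the user for permission to read.
    """
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    has_wifi = WIFI_PERMISSION in requested
    findings = []
    for receiver in root.iter("receiver"):
        name = receiver.get(ANDROID_NS + "name", "<unnamed>")
        for action in receiver.iter("action"):
            value = action.get(ANDROID_NS + "name")
            if value in LEAKY_ACTIONS:
                findings.append((name, LEAKY_ACTIONS[value], has_wifi))
    return findings


# Constructed sample manifest (hypothetical app, not taken from a real APK).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdSdkReceiver">
      <intent-filter>
        <action android:name="android.net.wifi.STATE_CHANGE"/>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, action, has_wifi in audit_manifest(SAMPLE_MANIFEST):
        status = "holds" if has_wifi else "LACKS"
        print(f"{name}: listens for {action}, app {status} {WIFI_PERMISSION}")
```

A manifest audit only sees statically declared receivers; listeners registered at runtime with registerReceiver() need code review or dynamic analysis to find.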
What types of data were affected?
This kind of leak lets hackers bypass the Android permission system, because it exposes highly sensitive information without prompting the user for action. An advertiser or a malicious threat actor can trick the user into installing a malicious app that collects the phone's WiFi information in order to track the victim online.
Google does not want to fix older versions of Android, and the Nightwatch team believes that all forks of Android, including Amazon's Fire OS, are also affected.
The issue has been given the ID CVE-2018-9489 by the research team. The company has opted to fix the WiFi broadcast leaks in only a few Android versions, such as Android Pie.