Home Hacking News Android Exposing Data Via Internal System Broadcasts
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Android Exposing Data Via Internal System Broadcasts

by Harikrishna Mekala
written by Harikrishna Mekala
Google Maps allow a lock screen bypass on Android 13 and 14 devices

The internal system broadcasts that happen inside the Android OS has been found to expose sensitive user and device details. The apps installed on the phone can access the user data without the consent of the user. The data is leaked due to the Android internal system broadcast which includes the WiFi network name, WiFi network BSSID, Local IP addresses, the device’s MAC address and DNS Server information. While this data may appear useless it would help advertisers to track the online activity of the users.

Where did the leak take place?

The leak happened due to the internal feature in the Android OS called “intent” which allows an application and OS functions to run on an Android device. The mobile security researchers from Nightwatch Cyber Security have found that Android OS broadcasts the information about the WiFi connection and the WiFi network using two separate intents called NETWORK_STATE_CHANGED_ACTION and WiFiP2pManager WIFI_P2P_THIS_DEVICE_CHANGED_ACTION.

The third party apps that have been installed on Android which include advertising components can set up the listening ports for the two intents and capture the WiFi-related information even if the application doesn’t have permission to access the phone’s WiFi feature which is granted by the user in a normal scenario.

What types of data were affected?

This kind of leak is allowing the hackers to bypass the Android permission Systems as it allows the highly sensitive information without prompting the user for action. The advertiser or a malicious threat actor can trick the user into installing a malicious app that will collect the WiFi information of that phone to track the victim online.

While Google doesn’t want to fix the older versions of the Android the Nightwatch team has believed the all the forks of the Android including the Amazon Fire OS were also affected.

The issue has given an id of CVE-2018-9489 by the researcher team. The company has opted to fix the WiFi broadcast leaks to only fix few Android version such as the Android Pie.

Take your time to comment on this article.

I am a programmer and tech enthusiast who loves to use my creative skills to solve complex problems. I also love to stay abreast of what is happening in the world of technology, reach me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses