01 Sep Android API Bug Allows Data Leak, User Tracking
Nightwatch Cybersecurity researchers revealed last Wednesday an Android vulnerability which can allow attackers to secretly intercept WiFi broadcast data to track users.
The flaw, CVE-2018-9489, was discovered in Android’s communication management programming. Researcher Yakov Shafranovich said that attackers can listen to the data stream being leaked by the device, which can include Wi-Fi network names, BSSID, local IP addresses, DNS server data and MAC addresses, and use the information to geotrack users or attack the local WiFi network.
The team adds that while it is possible to restrict who reads such messages, some developers fail to implement such restrictions which leads to the leakage of sensitive data.