Unless you Upgrade to Android Pie, a Vulnerability Leaves your Phone Trackable -- and Google Won't Fix It
A vulnerability in the Android operating system means that it is worryingly easy to track and locate phones. While the issue has been addressed in Android Pie, Google has no plans to patch the vulnerability in earlier versions of its mobile OS.
The vulnerability (CVE-2018-9489) was revealed in a report from Nightwatch Cybersecurity which warns that it can be used to "uniquely identify and track any Android device" and also to "geolocate users". As well as Google's own Android builds, the problem is also said to affect forked versions such as FireOS.
The vulnerability, which was first reported to Google back in March, means that it is possible for apps to bypass permissions and gain access to information that is contained in system broadcasts -- information that can be very revealing. The problem is made all the more serious thanks to the fact that the vast majority of people will never see Pie on their phones, meaning their handsets will remain vulnerable.
Describing the problem, Nightwatch Cybersecurity says:
System broadcasts by Android OS expose information about the user's device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.
Because MAC addresses do not change and are tied to hardware, this can be used to uniquely identify and track any Android device even when MAC address randomization is used. The network name and BSSID can be used to geolocate users via a lookup against a database of BSSID such as WiGLE or SkyHook. Other networking information can be used by rogue apps to further explore and attack the local WiFi network.
It is not known whether the vulnerability has been exploited in the wild, but now it has been exposed, that risk has greatly increased. More information about the security issue can be found in the Nightwatch Cybersecurity report.
Source: betanews
Latest Jobs
-
- Technical Design Authority (Telecoms, SDWAN, IOT, WAN, Hosted Services)
- Germany
- Up to €90,000 plus car, bonus and benefits
-
Location: Frankfurt Technical design Authority is required to help lead a number of key client Migrations projects for this tier 1 Telecom company, the main role for the TDA is helping customers migrate to new services, with a focusing on hosting (AWS, Azure) SWWAN and IOT. You will be responsible for: Post sales design documentation, implementation and migration of complex solutions for managed enterprise customers. Complex solutions consist of multi-product services. The TDA’s role is to ensure that these services interoperate and integrate into the customer environment. Such products consist of but not limited to MPLS, Ethernet, IPSec VPN’s, VoIP, Video Conferencing, Wireless, Internet, Private DSL, WAN Optimization, Managed Security Services, Managed Hosting, SDWAN and Complex Migration Planning. The TDA will own the technical delivery of customer solutions and will be the technical interface between the customer, product teams and project management during service delivery. Close engagement with pre-sales, technically validating solutions proposed are deliverable and all technical aspects are clearly defined prior to contract signature. The TDA accepts technical ownership of the solution at the point of contract signature. Lead customer facing technical workshops requiring excellent communication with the ability to articulate technical concepts clearly to all levels of competency. Providing support to 3rd line teams for OEM and design related faults. You will need to be at CCIE level (ideally CCIE R&S or SP ) with strong low level design and deployment skills, comfortable in front of customers and leading customer meeting. Fluent German is required. Knowledge in SDWAN and Hosted services would be advantageous. Reference: RA7302
-
- Big Data Architect
- Newbury
- £70,000 + Benefits
-
A Big Data Architect is required for a leading Google Cloud partner. The Big Data Architect will be responsible for advising external customers(FTSE100) on Big data storage and transformation requirements on the Google Cloud platform. You will get the chance to be at the forefront of technology, regularly involved with Google Alpha tests – You will be shaping the future of google tech. Experience required; Public Cloud Architecture – Ideally Google but will consider people with an Azure or AWS background who are looking to move into GCP. Experience with Big Enterprise Data – Set ups, Flows, Pipelines etc. Strong SQL understanding – DataBase, Data Residency. Candidates must be based and eligible to work in the UK without sponsorship as our client do not have the ability to sponsor. Reference Number: PG7347
-
- NetIQ Consultant (Contract)
- London
- £600 Per Day
-
A NetIQ Consultant is needed for a 6 month engagement in London. The NetIQ Consultant will be responsible for Designing, Configuring & Implementing Micro Focus Operations Centre & eDirectory Solutions. Required skills and experience Current experience with Micro Focus Operations Centre & eDirectory. SC Clearance is needed due to the nature of work. Reference Number: CH7363
-
- New Business Sales Consultant
- London
- £50,000 plus benefits and OTE
-
One of our clients who is are a leading service provider are looking for a direct sales consultant to secure new logo business within the Mid market sector selling the full company portfolio of Cloud, Voice & Data solutions Responsibilities: To establish, develop and bring on new accounts to manage. Identify up-sell opportunities within the existing accounts. To ensure sales targets are achieved or a Monthly, Quarterly and Annual basis To plan Sales strategies and liaise with Marketing to produce campaigns to increase market share To competently and knowledgably advise clients on ICT solutions and managed services that best fulfil their requirements, undergoing full assessments and analysis of client needs Participation in planning and preparing marketing campaigns along with your own targeted campaigns Assist with the mentoring of junior staff members Attending networking events which at times may include activities outside of normal work hours Knowledge & experience required: Consistent new business sales record within the cloud, telecoms, ISP, systems integrator or carrier space Knowledge of cloud, data, voice, connectivity and Internet network technologies An ambitious, industrious and aspirational mind-set Experienced selling into the SME/MLE market Committed, engaged, and responsible when dealing with customers Reference Number: RA7361