Security bods: Android system broadcasts enable user tracking

Bypassing permission protection on network info

Security researchers have found a way to sniff Android system broadcasts to expose Wi-Fi connection information to attackers.

Tracked as CVE-2018-9489, the issue was discovered by Nightwatch Cybersecurity and published yesterday. If you can, upgrade to Android 9 (Pie), because there's no plan to fix older versions.

What they found was that the system broadcasts spaff “Wi-Fi network name, BSSID, local IP addresses, DNS server information and the MAC address” to any application running on the device, even though this is supposed to be protected information, “bypassing any permission checks and existing mitigations”.

The reason older Android versions won't get a fix, the post claimed, is that Google said it would break older APIs.

The problem is in how application developers use what Android calls “intents” for inter-process communication. The Nightwatch post explained: “While functionality exists to restrict who is allowed to read such messages, application developers often neglect to implement these restrictions properly or mask sensitive data”.

The intents in question are WifiManager's NETWORK_STATE_CHANGED_ACTION and WifiP2pManager's WIFI_P2P_THIS_DEVICE_CHANGED_ACTION, the post said.

An application trying to get information like MAC address, network name, IP gateway and so on from the WifiManager process would raise a dialogue to get user permission, but that information is readable as system broadcasts, the post said.

As a result, an attacker creating a malicious application could harvest the system broadcast info from a user, send it “home”, use the MAC address to track the device's movement between networks (in spite of Android's MAC address randomisation, the post said), and compare network IDs to public databases.

As proof that the broadcasts are sniffable, Nightwatch points to this app at the Play Store by Lithuanian developer Vilius Kraujutis (@viliusk on Twitter). Developers need fewer than 20 lines of code to sniff the information in applications.

Kraujutis's source code is also available at GitHub. ®
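
A defender-side triage check for the two broadcasts named above, as an added example that is not from the article or the Nightwatch post: it scans a decoded AndroidManifest.xml for statically registered receivers of those intents and reports whether the app declares the Wi-Fi and location permissions that would otherwise gate the same data. The permission list, function name and sample manifest are assumptions constructed for illustration, and receivers registered at runtime in code are not covered.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# String values of the two intent action constants named in the article.
WATCHED = {
    "android.net.wifi.STATE_CHANGE":
        "WifiManager.NETWORK_STATE_CHANGED_ACTION",
    "android.net.wifi.p2p.THIS_DEVICE_CHANGED":
        "WifiP2pManager.WIFI_P2P_THIS_DEVICE_CHANGED_ACTION",
}
# Assumption: permissions an app would declare to read the same data via the API.
WIFI_PERM = "android.permission.ACCESS_WIFI_STATE"
LOCATION_PERMS = {"android.permission.ACCESS_COARSE_LOCATION",
                  "android.permission.ACCESS_FINE_LOCATION"}

# Constructed sample: an app with only INTERNET that listens for Wi-Fi state changes.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".WifiReceiver">
      <intent-filter>
        <action android:name="android.net.wifi.STATE_CHANGE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(manifest_xml):
    """Return one finding per manifest receiver subscribed to a watched broadcast."""
    root = ET.fromstring(manifest_xml)
    declared = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # Gap: the app can receive the data without the permissions that normally gate it.
    gap = WIFI_PERM not in declared or not (LOCATION_PERMS & declared)
    findings = []
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            constant = WATCHED.get(action.get(ANDROID + "name"))
            if constant:
                findings.append({"receiver": receiver.get(ANDROID + "name"),
                                 "constant": constant,
                                 "permission_gap": gap})
    return findings

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```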
