Monday, November 19, 2018

Android OS Flaw Allows Hackers to Track User Location

A flaw in the Android mobile operating system could allow an attacker with physical proximity to a WiFi router to track the location of users within the router’s range.
The issue (CVE-2018-9581) allows information leakage stemming from inter-process communication. While applications on Android are usually segregated by the OS from each other and from the OS itself, there are still mechanisms for sharing information between them when needed. One of those mechanisms is the use of what Android calls “intents.”
An application or the OS itself can send an “intent” message out, which is broadcast system-wide and can be listened to by other applications. Without proper access restrictions and permissions put in place around these intents, it’s possible for malicious applications to intercept information that it shouldn’t have access to.
All versions of Android are believed to be affected (although on Android 9 one of the two broadcast types is no longer revealing sensitive data, as part of the fix for a related bug, CVE-2018-9489). 

No comments:

Post a Comment