When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 7.1.1 |
||
google android 7.1.2 |
||
google android 9.0 |
||
google android 8.0 |
||
google android 8.1 |
||
google android 7.0 |
Bypassing permission protection on network info Android data slurping measured and monitored
Security researchers have found a way to sniff Android system broadcasts to expose Wi-Fi connection information to attackers. Tracked as CVE-2018-9489, the issue was discovered by Nightwatch Cybersecurity and published yesterday. If you can, upgrade to Android 9 (Pie), because there's no plan to fix older versions. What they found was that the system broadcasts spaff “Wi-Fi network name, BSSID, local IP addresses, DNS server information and the MAC address” to any application running on the ...