An Android vulnerability allows you to track and locate your mobile

[OyaYansa]

A team of researchers from security firm Nightwatch Cybersecurity has discovered a vulnerability that allows attackers to track and locate your mobile. The security hole affects all versions of the operating system prior to Android 9.0 Pie and, according to the report, it is unlikely that Google will solve it.

The vulnerability allows any application running on the device to have access to the information found in system transmissions. This includes the name of the Wi-Fi network to which the terminal is connected, the BSSID, the MAC address, the DNS server information and the local IP addresses.

Some of this information, such as the MAC address, is no longer available through the API on Android 6 and above, and additional permissions are normally required to access the rest of this data. However, when listening to the transmissions of the system, any app installed on the mobile can capture this information.

Due to this security flaw, an attacker could use the data from the transmissions to identify and track any Android device. The name of the network and the BSSID can be used to find out the location of the terminal, and also the network information can be used to scan and attack the local WiFi network.

The Nightwatch Cybersecurity team believes that, except for Android Pie, all versions of Android are affected, including some variants based on this operating system, such as Amazon's Fire OS for the Kindle.

Do you change your mobile? These are the most valued Amazon Spain

Researchers indicate they reported this vulnerability to Google in March of this year, and the Mountain View company developed a solution, but only for the most recent version of the operating system. "Google corrected these problems in Android 9.0 Pie, but does not plan to repair previous versions," the report said. "Users are encouraged to upgrade to Android Pie."