We write often here about the security vulnerabilities of Android devices that are due, at least in part, to how much of a delay there can be in the latest software updates making the rounds. Which can leave some handsets dangerously vulnerable if the device manufacturer is slow on the uptake.
Which means we’re constantly writing posts like this one: Researchers from Nightwatch Cybersecurity this week put out an advisory about an Android vulnerability that purportedly exposes information about a user’s device to all applications running on the device. There’s a fix for it, but not if you’re running a too-old version of Android.
According to the advisory, the information includes “the Wi-Fi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.”