Android “API breaking” vulnerability can leak device data
Recently, Yakov Shafranovich, a security research expert at Nightwatch Cybersecurity, discovered a vulnerability in the Android system that allows network attackers to capture WiFi broadcast data to track users secretly. These data cover the WiFi network name, BSSID, local IP address, DNS server data, and MAC address, although the API has hidden the latter in Android 6 and higher.
Regular apps are often used for legitimate purposes to intercept this data. However, rogue APP is likely to cause leakage of sensitive data after eavesdropping on this data. An attacker could use to initiate a network attack against local WiFi and use a MAC address to track a specified Android device. In addition to using database lookups, geotagging can also be done by network name and BSSID.
The researchers said “While functionality exists to restrict who is allowed to read such messages, application developers often neglect to implement these restrictions properly or mask sensitive data. This leads to a common vulnerability within Android applications where a malicious application running on the same device can spy on and capture messages being broadcast by other applications.”