Threat Watch

Unpatched Flaw in Android OS Lets Users Location be Tracked

A new flaw gives attackers the ability to track locations if they’re near a WiFi router. Inter-process communication gives way for information to be leaked via (CVE-2018-9581). While applications on Android are typically isolated by the OS from one another and from the OS itself, there are still systems for sharing data between them when required. One of those systems is the utilization of what Android has coined “intents.” The OS itself can send an “intent” message out, which is communicated framework wide and can be tuned into by different applications. Without appropriate access limitations around Android intents, it is possible for malicious applications to see data from other applications that it shouldn’t have access to. “While functionality exists to restrict who is allowed to read such messages, application [and OS] developers often neglect to implement these restrictions properly or mask sensitive data. This leads to a common vulnerability within Android applications where a malicious application running on the same device can spy on and capture messages being broadcast by other applications,” said by a research lead.  This is not new for Android, in fact, they have experienced similar issues with bugs like CVE-2018-9489 and CVE-2018-15835. These also have a lot of the same characteristics to the man-in-the-disk issue.


Users should always be wary as to who has access to their router and connection. If users are at work this makes it slightly more difficult in some respects. Utilize counteractive action arrangements that endeavor to square exploit practices (called WAF’s or IPS’s). Solidify parts of the stack to limit the impact of exploitation. Users should always keep a watchful eye and be able to notice indicators of compromise (IoC) when they arise.