Lack of Randomization in Android Qualcomm Snapdragon Mobile and Snapdragon Wear Devices' MAC Spoofing Feature

CVE-2017-18126 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original MAC spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) a randomized source address for cfg80211 scan, vendor scan and PNO scan, which may affect user privacy.
