A new security vulnerability has been discovered in the Android operating system (CVE-2018-9489) that allows cyber fraudsters to covertly capture Wi-Fi broadcast data to monitor users. Cyberecurity Nightwatch researcher Yakov Shafranovich explained that CVE-2018-9489 is based on the features of the staffing mechanism of intents in the Android OS, which allows the OS and installed software to conduct internal communication, without requesting permission to access hidden information. In this way, Wi-Fi data, BSSID, local IP addresses, DNS server data and MAC addresses can be disclosed. It is believed that the MAC address was hidden in version 6 and above, but fraudsters still get to the same MAC address. With the availability of such information, cybercriminals will be able to track a person by their device, attack local Wi-Fi networks, and steal confidential information. Nightwatch Cyber Security believes that all versions of Android are affected (even Amazon’s FireOS for Kindle). The cybersecurity firm initially back in early spring announced its research on Google. After analysis by a company that took several months, the vulnerability was designated as CVE, and Google developed the patch in mid-summer. The patch was confirmed in early August, which publicly revealed the problem. Google fixed this vulnerability in the fresh Android 9 Pie, but does not plan to close it in older versions of Android, thereby putting numerous users at risk of hacker attacks. To minimize the risks, experts in the field of digital security recommend updating the OS on the device to Android 9.0 Pie. If the smartphone does not support the new version of Android, then do not install applications from third-party sources and from unknown developers. Note that not all new smartphones are released by manufacturers with preinstalled Android 9 Pie, and the update still needs to wait from the company, and not from Google. In the meantime, a fresh OS is installed on less than 0.1% of Android devices.