ADB Exploit Leaves Thousands Of Android Devices Exposed To Attackers

Deepika Padukone in her latest outfit makes travelling stylish again
Deepika Padukone in her latest outfit makes travelling stylish again
06/11/2018
I look far better now than in the past: Twinkle Khanna | Entertainment
06/11/2018

ADB Exploit Leaves Thousands Of Android Devices Exposed To Attackers

Android Root Bridge


A network worm has surfaced on Android devices that exploits Android Debug Bridge (ADB) feature of the mobile OS – a feature that is enabled by default by phone manufacturers.

Security researcher Kevin Beaumont revealed this issue in a blog post stating that ADB is completely unauthenticated and thousands of Android devices connected to the internet are currently being exploited through this vulnerability.

How does the exploitation take place?

Hardware manufacturers ship their products with Android Debug Bridge left enabled, and the service listens to TCP port 5555 through which anyone can connect to a device over the internet.

“However, to enable it — in theory — you have to physically connect to a device using USB and first enable the Debug Bridge,” says Kevin.

Given that ADB is a troubleshooting utility, it allows a user to access several sensitive tools, including a Unix shell. Exploiting this very feature, a cryptocurrency miner called ADB.Miner worm spread to several devices in February. It could scan for new devices to infect by using port 5555.

The risks at stake

According to Kevin, there are thousands of Android-based devices still exposed online. Anybody connected to a device running ADB can execute commands remotely.

“This is highly problematic as it allows anybody — without any password — to remotely access these devices as ‘root’ — the administrator mode — and then silently install software and execute malicious functions.”

ADB.Miner is still active

The ADB.Miner worm that was first spotted in February by Qihoo 360 Netlab is very much alive, and the scanning activity on port 5555 hasn’t yet stopped. Millions of scans recorded in the last month itself.

“Using data from Qihoo 360’s Netlab – which features extracts from Netflow data in ISPs and transit providers – we can see massive amounts of port 5555 traffic arriving live.” Kevin added.

The solution

Kevin advises Android device owners to disable the ADB interface immediately. “These are not problems with Android Debug Bridge itself,” said Kevin. “ADB is not designed to be deployed in this manner.”

He also added that vendors should not ship products with Android Debug Bridge enabled over a network because it leads to the creation of a Root Bridge – a situation where anybody can misuse devices.

Also Read: RedEye Ransomware Destroys Your PC Files If Payment Isn’t Made





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *