Many Android Devices Ship with ADB Enabled

Discussion in '0-day Release' started by silversurfer, Jun 11, 2018.

Tags:
  1. silversurfer

    silversurfer Malware Tester Silver Member

    Many vendors ship Android devices with the Android Debug Bridge (ADB) feature enabled, thus rendering them exposed to various attacks, security researcher Kevin Beaumont has discovered.

    ADB is a feature meant to provide developers with the ability to easily communicate with devices remotely, to execute commands and fully control the device. Because it doesn’t require authentication, ADB allows anyone to connect to a device, install apps and execute commands.

    In theory, the device should be first connected via USB to enable ADB, but Beaumont has discovered that some vendors ship Android devices with the feature enabled right from the start. The Debug Bridge listens on port 5555, and anyone can connect to the device over the Internet.

    “During research for this article, we’ve found everything from tankers in the US to DVRs in Hong Kong to mobile telephones in South Korea. As an example, a specific Android TV device was also found to ship in this condition,” the security researcher notes.

    Full Article: https://www.securityweek.com/many-android-devices-ship-adb-enabled
     
    Der.Reisende and RGiskardR like this.
  2. Google Adsense

Share This Page