Device makers still shipping products with Android Debug Bridge enabled

Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled - a dangerous default setting that enables potential adversaries to connect to these devices.

The ADB feature lets developers communicate with devices remotely and listens for traffic on port 5555. "This is highly problematic as it allows anybody - without any password - to remotely access these devices as 'root' - the administrator mode - and then silently install software and execute malicious functions," warns infosec expert Kevin Beaumont in a blog post he published last week.

During the course of Beaumont's research, he found myriad devices left vulnerable by these risky deployments, including tankers in the US, DVRs in Hong Kong, mobile telephones in South Korea, and an Android TV device in an unspecified locale.

A recent look at Qihoo 360's Netlab data showed nearly ten thousand unique IP addresses scanning port 5555 during a given 24-hour window, Beaumont continues.

Last February, researchers identified a new threat in ADB.Miner, a wormable cryptomining malware that abuses enabled ADB settings to spread in peer-to-peer fashion across multiple devices such as mobile phones, media players and smart TVs. Inspired by Beaumont's investigation, fellow researcher Piotr Bazydlo, head of the R&D Network Security Methods Team at NASK, reports that 40,000 unique IP addresses were found impacted by ADB.Miner on 4 and 5 June alone.

"Summing up, vendors need to not ship products with Android Debug Bridge enabled over a network - especially when they are designed for internet connectivity," Beaumont concludes. "It places the customers in harm's way. Vendors who have done this should issue product updates to remediate the issue, and if automatic updates are not an option they should contact customers to ask them to update their software."
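A vendor or fleet owner can check for this default before a device ships by auditing the Android system properties that control adbd. The following is an added example, not code from the article or from Beaumont's post: it parses either a `build.prop` file or `adb shell getprop` output (going slightly beyond the article's port 5555 case to cover any configured port and the related authorization and debug flags). The function names and sample inputs are constructed for illustration.

```python
import re

# Properties adbd reads to decide whether to open a TCP listener.
TCP_PORT_PROPS = ("service.adb.tcp.port", "persist.adb.tcp.port")
_GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]$")


def parse_props(text):
    """Parse build.prop ('key=value') or getprop ('[key]: [value]') text."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _GETPROP_LINE.match(line)
        if m:
            props[m.group("key")] = m.group("value")
        elif "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit_adb(props):
    """Return (severity, message) findings for network-exposed ADB."""
    findings = []
    for name in TCP_PORT_PROPS:
        value = props.get(name, "")
        # A positive integer means adbd listens on that TCP port; -1 or unset does not.
        if value.isdigit() and int(value) > 0:
            findings.append(("high", f"{name}={value}: adbd listens on TCP port {value}"))
    tcp_enabled = bool(findings)
    # Conservative assumption: any value other than 1 is treated as "host key authorization not enforced".
    if props.get("ro.adb.secure") != "1":
        sev = "high" if tcp_enabled else "medium"
        findings.append((sev, "ro.adb.secure is not 1: host key authorization may not be enforced"))
    if props.get("ro.debuggable") == "1":
        findings.append(("medium", "ro.debuggable=1: debuggable build, 'adb root' is permitted"))
    return findings


# Constructed sample inputs (not taken from any real device).
SHIPPED_BAD = "ro.debuggable=1\nro.adb.secure=0\npersist.adb.tcp.port=5555\n"
SHIPPED_GOOD = "[ro.debuggable]: [0]\n[ro.adb.secure]: [1]\n[service.adb.tcp.port]: [-1]\n"

if __name__ == "__main__":
    for label, text in (("bad", SHIPPED_BAD), ("good", SHIPPED_GOOD)):
        print(label, audit_adb(parse_props(text)))
```

Run as a release gate, any `high` finding should block the firmware image from shipping.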

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition