Android Vulnerability: Debug Ports Of Devices Left Exposed

The security research community has flagged a serious issue: Android devices are shipping to customers with their debug port open to remote connections.

The vulnerability was first spotted by Qihoo 360 Netlab in February 2018, when they detected an Android worm that was spreading from one Android device to another via a cryptocurrency miner called ADB Miner.

The worm exploited the Android Debug Bridge (ADB), a feature used to troubleshoot faulty devices. Some vendors are shipping Android-based devices with the ADB over Wi-Fi feature left enabled by default in the production version of their operating system.

Customers who bought, and are still buying, these devices may be unaware that their devices accept remote connections on the ADB interface, which is normally accessible on TCP port 5555. ADB also gives access to sensitive parts of the operating system, such as the UNIX shell. The ADB worm has kept spreading since it was first spotted in February by taking advantage of open ADB ports. The worm installs a Monero miner and starts scanning for new devices on the network using the port.

A security researcher named Kevin Beaumont has brought this issue back to public attention in a Medium blog post, saying that countless devices are still vulnerable to the ADB worm.

“During research for this article, we’ve found everything from tankers in the US to DVRs in Hong Kong to mobile telephones in South Korea,” Beaumont said.

“This is highly problematic as it allows anybody — without any password — to remotely access these devices as ‘root’— the administrator mode — and then silently install software and execute malicious functions,” Beaumont added.

This problem is by no means resolved, and owners of Android devices are advised to take action: they should check whether the vendor they purchased from has left the ADB interface enabled on their device. There is a tutorial available on how to enable or disable the ADB interface, which is referred to as USB Debugging in most Android OS settings menus.
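For owners who can read a device's system properties, the check described above can be scripted. The following is an added example, not code from the article or from Beaumont's post: it audits the text output of Android's `getprop` command for the standard properties that control ADB (`service.adb.tcp.port`, `persist.adb.tcp.port`, `ro.adb.secure`, `ro.debuggable`, `persist.sys.usb.config`). The sample input is constructed, and the function names are this example's own.

```python
import re

# Constructed sample of `getprop` output from a hypothetical device.
SAMPLE_GETPROP = """\
[ro.build.type]: [user]
[ro.debuggable]: [1]
[ro.adb.secure]: [0]
[service.adb.tcp.port]: [5555]
[persist.sys.usb.config]: [mtp,adb]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")

def parse_getprop(text):
    """Parse `[key]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def adb_tcp_port(props):
    """Return the TCP port adbd is configured to listen on, or None."""
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        value = props.get(key, "").strip()
        if value.isdigit() and int(value) > 0:  # unset, 0 or -1 means off
            return int(value)
    return None

def audit(props):
    """Return human-readable findings about the device's ADB exposure."""
    findings = []
    port = adb_tcp_port(props)
    if port is not None:
        findings.append(f"ADB over TCP enabled on port {port}")
        if props.get("ro.adb.secure") != "1":
            findings.append("ADB host-key authentication is off (ro.adb.secure != 1)")
        if props.get("ro.debuggable") == "1":
            findings.append("debuggable build: adbd can run as root")
    elif "adb" in props.get("persist.sys.usb.config", "").split(","):
        findings.append("USB debugging enabled (not reachable over the network)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_getprop(SAMPLE_GETPROP)):
        print("-", finding)
```

An empty result means neither network ADB nor USB debugging is configured; any "ADB over TCP" finding on a production device is the condition the article describes and should be disabled.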

Beaumont himself recommends that mobile operators protect users from this issue by blocking inbound connections to port 5555 on devices, which would leave most Internet-wide scans ineffectual.
