DEV Community

Paulo Renato
Paulo Renato

Posted on • Edited on

Android Devices Being Shipped with TCP Port 5555 Enabled

As per this article some Android devices are being shipped from factory with the Android Debug Bridge(ADB) enabled.

For the ones not aware of what is ADB, try to think of it as the shell for Android devices, that lets anyone execute commands and install whatsoever they want, thus allowing them to take full control of the device without the need to authenticate.

ADB was supposed to only work when connected to a computer via usb port, but as the security researcher Kevin Beaumont discovered the ADB is listening on tcp port 5555, thus anyone from internet can access it and take over your Phone, Tablet, TV or any other Android enabled device.

This exploit allows an attacker to perform all kinds of stuff, like crypto currency mining, stealing credentials, ransomware, espionage on what you are doing, etc.

As an example among others we have Hide 'N Seek IoT Botnet targeting Android devices by leveraging this ADB flaw.

What are your thoughts on this ADB exploit?

EDIT

It seems that the article I linked from the security researcher Kevin Beaumont is misleading in how ADB works on an Android device as pointed out in the comments.

Please read this article from Subbu Lakshmanan as a reply to my article and to know in more detail how ADB and is security model works.

Top comments (3)

Collapse
 
subbramanil profile image
Subbu Lakshmanan

It's certainly possible in rooted devices, aka devices that run custom android images (instead of factory defaulted images).

In typical non-rooted devices, for example, Samsung/HTC/LG/Motorola/Nexus,

  1. "USB Debugging" is disabled by default and needs to be enabled first time connecting through a micro-USB cable.
  2. Even "USB Debugging" is enabled, the image that's built is called 'user' build, which disables 'sudo'(superuser) access.

You can run a limited set of commands. All these are designed to protect the user, but there are potential for collecting information based on the apps that you run and possible hack if any of the apps have any vulnerability.

P.S: One small correction in your article is that it's not the flaw of the ADB. ADB is designed in such a way that you can connect to a device through micro USB or over Wifi for development purposes. To quote from the article that you shared, even the author of the article agrees with the same.

These are not problems with Android Debug Bridge itself; ADB is not designed to be deployed in this manner.

Collapse
 
exadra37 profile image
Paulo Renato

Sorry I know is not an ADB flaw, I just failed to express my self!!!

Thanks for pointing it out... I will edit the article and fix it.

Regarding ADB privileges for what I understand from Kevin Beaumont article, once you connect over tcp port 5555 you have full admin/root privileges, not a limited set of privileges.

Collapse
 
shostarsson profile image
Rémi Lavedrine

That is not exact.
You have root rights if the user is not using a supplier (Samsung, Sony, etc...) Android OS image.
If the device is rooted then you can indeed have root privileges.