ADB Exploit leaves thousands of Android devices exposed

A new network worm has appeared on Android devices. It exploits the operating system's Android Debug Bridge (ADB), a feature that phone manufacturers ship enabled by default.

The worm was described in a blog post by security researcher Kevin Beaumont, who wrote that ADB is completely unprotected and that thousands of Android devices connected to the Internet are currently exposed to this vulnerability.

How is it exploited?

Hardware manufacturers release their products with Android Debug Bridge enabled by default, and the service listens on TCP port 5555, through which anyone can connect to the device over the Internet.

"However, in order to be activated - theoretically - one should log in with a USB device and activate Debug Bridge first," says Kevin.

Since ADB is a debugging tool, it gives the user access to several sensitive tools, including a Unix shell. Taking advantage of this feature, a cryptocurrency-mining worm called ADB.Miner spread to various devices in February. The worm finds new devices to infect through port 5555.

The risks at stake

According to Kevin, thousands of Android devices are still exposed. Anyone who connects to a device with ADB exposed can execute commands on it remotely.

"This is particularly worrying as it allows anyone - without a password - to get root access to these devices remotely and then silently install software and perform malicious actions."

ADB.Miner is still active

The ADB.Miner worm, first reported in February by Qihoo 360 Netlab, is still active, and scanning activity on port 5555 has not stopped. Millions of scans were recorded in the last month alone.

The solution

Kevin advises Android device owners to immediately disable the ADB interface. "This problem has nothing to do with the Android Debug Bridge itself," said Kevin. "ADB is not designed to operate in this way."

He also added that vendors should not ship products with Debug Bridge enabled, as this creates a "Root Bridge": a situation where anyone can abuse the devices.
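As an added example (not from the original article or from Kevin Beaumont), the Python below checks text read from a device you own, for instance over a USB ADB session, for a socket listening on TCP 5555 and for the adbd properties that turn on ADB over TCP. The function names and the sample inputs are constructed for illustration; `service.adb.tcp.port` and `persist.adb.tcp.port` are the standard adbd property names.

```python
import ipaddress
import re

ADB_PORT = 5555      # TCP port named in the article
TCP_LISTEN = "0A"    # value of the "st" column for LISTEN in /proc/net/tcp

# Constructed sample of /proc/net/tcp (trailing columns omitted).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:15B3 00000000:0000 0A 00000000:00000000
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000
   2: 0F02000A:15B3 077100CB:C350 01 00000000:00000000
"""
# Constructed sample of `getprop` output.
SAMPLE_GETPROP = "[service.adb.tcp.port]: [5555]\n[persist.adb.tcp.port]: [-1]\n"

def _decode_addr(hex_addr):
    """Decode the kernel's hex address (little-endian 32-bit words)."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def listeners_on_port(proc_net_tcp, port=ADB_PORT):
    """Return [(address, scope)] for sockets in LISTEN state on `port`."""
    found = []
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # header row, or a socket that is not listening
        hex_addr, hex_port = fields[1].rsplit(":", 1)
        if int(hex_port, 16) != port:
            continue
        addr = _decode_addr(hex_addr)
        scope = "loopback only" if addr.is_loopback else "network reachable"
        found.append((str(addr), scope))
    return found

def adb_tcp_properties(getprop_output):
    """Return {property: port} for adbd TCP properties set to a port > 0."""
    pattern = re.compile(r"\[((?:service|persist)\.adb\.tcp\.port)\]: \[(-?\d+)\]")
    return {k: int(v) for k, v in pattern.findall(getprop_output) if int(v) > 0}

if __name__ == "__main__":
    print(listeners_on_port(SAMPLE_PROC_NET_TCP))
    print(adb_tcp_properties(SAMPLE_GETPROP))
```

A "network reachable" listener on 5555, or either property set to a positive port, means ADB over TCP is on and should be disabled as the article advises.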


The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.