
Device makers still shipping products with Android Debug Bridge enabled, despite risks

Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled -- a dangerous default setting that enables potential adversaries to connect to these devices.

The ADB feature lets developers communicate with devices remotely, and it listens for connections on port 5555. "This is highly problematic as it allows anybody -- without any password -- to remotely access these devices as 'root' -- the administrator mode -- and then silently install software and execute malicious functions," warns infosec expert Kevin Beaumont in a blog post he published last week.

During the course of Beaumont's research, he found myriad devices left vulnerable by these risky deployments, including tankers in the U.S., DVRs in Hong Kong, mobile telephones in South Korea, and an Android TV device in an unspecified locale.

A recent look at Qihoo 360's Netlab data showed nearly ten thousand unique IP addresses scanning port 5555 during a given 24-hour window, Beaumont continues.

Last February, researchers identified a new threat in ADB.Miner, a wormable cryptomining malware that abuses enabled ADB settings to spread in peer-to-peer fashion across multiple devices such as mobile phones, media players and smart TVs. Inspired by Beaumont's investigation, fellow researcher Piotr Bazydlo, head of the R&D Network Security Methods Team at NASK, reports that 40,000 unique IP addresses were found impacted by ADB.Miner on June 4 and 5 alone.

"Summing up, vendors need to not ship products with Android Debug Bridge enabled over a network -- especially when they are designed for internet connectivity," Beaumont concludes. "It places the customers in harm's way. Vendors who have done this should issue product updates to remediate the issue, and if automatic updates are not an option they should contact customers to ask them to update their software."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
