Security has long been one of the greatest concerns of the internet. Now another vulnerability in many Android devices is putting users at risk. The security community has raised the alarm over Android devices that have the ADB debug port open for remote connections over Wi-Fi.
This issue isn’t new. It was first detected by the team at Qihoo 360 Netlab in February 2018. A worm was spreading through Android devices and infecting the hosts with a cryptocurrency miner named ADB.Miner. The worm abused ADB (Android Debug Bridge), an Android feature for troubleshooting faulty devices and performing many other actions.
By default, ADB is disabled, and users have to turn it on manually to use it over a USB connection. ADB also supports a feature named “ADB over Wi-Fi” that allows remote debugging instead of the traditional USB cable, a flexible option for developers.
ADB interface left open
The current issue stems from the “ADB over Wi-Fi” feature being left open on various shipped Android devices. Customers using those devices may be completely unaware of the open remote connection, which listens on TCP port 5555.
ADB is a troubleshooting utility that also allows sensitive information to be collected from the device. It gives access to a UNIX shell as well.
That’s how the infamous ADB.Miner spread to numerous devices back in February. It loaded the Monero miner using the UNIX shell and continued spreading from the infected devices over TCP port 5555.
Devices exposing ADB port
Last week, security researcher Kevin Beaumont brought the issue into focus once again. In a Medium blog post, he mentioned that numerous Android devices are still left exposed online.
According to Beaumont, the open port is highly problematic because it allows anyone on the same network to remotely access these devices as the root user, the most powerful privilege on any UNIX-based system.
ADB.Miner still active
Because the port is left open, ADB.Miner is still going strong. According to security researchers, the worm is confirmed to be still active.
In addition to the worm, there’s also a Metasploit module that can exploit and root Android devices via port 5555. The best option, for now, is to check your device manually and make sure that the ADB port is turned off.
The easiest way to do so is to disable “USB Debugging” under “Developer options” in Android “Settings”.
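One way to carry out that manual check from a workstation, as an added example that is not part of the original article: the script reads the text printed by `adb shell getprop` and reports whether the device's ADB daemon is set to listen on a TCP port. The function names and the sample property dump are constructed for illustration; it assumes adbd's usual behaviour of reading `service.adb.tcp.port`, then `persist.adb.tcp.port`, and of requiring key authentication only when `ro.adb.secure` is 1.

```shell
#!/bin/sh
# Added example. On a USB-attached device you own:
#   adb shell getprop | adb_tcp_verdict

# Print the value of property $1 from getprop-style text in $2.
# getprop prints one "[name]: [value]" pair per line.
prop() {
    printf '%s\n' "$2" | awk -v key="[$1]:" '
        $1 == key && !seen { v = $2; gsub(/^\[|\]$/, "", v); print v; seen = 1 }'
}

# Read getprop output on stdin, print a verdict, return 1 if TCP ADB is on.
adb_tcp_verdict() {
    props=$(tr -d '\r')     # older adb clients emit CRLF line endings
    # Assumption: adbd checks service.adb.tcp.port first and only falls
    # back to persist.adb.tcp.port when the first one is empty.
    port=$(prop service.adb.tcp.port "$props")
    [ -n "$port" ] || port=$(prop persist.adb.tcp.port "$props")
    secure=$(prop ro.adb.secure "$props")

    case "$port" in
        ''|*[!0-9]*)        # unset, "-1" or not a number: USB only
            echo "OK: ADB over TCP is not enabled"; return 0 ;;
    esac
    if [ "$port" -eq 0 ]; then
        echo "OK: ADB over TCP is not enabled"; return 0
    fi
    if [ "$secure" = 1 ]; then
        echo "WARN: adbd listening on TCP $port (key authentication on)"
    else
        echo "EXPOSED: adbd listening on TCP $port without key authentication"
    fi
    return 1
}

# Constructed sample of a device left in the state the article describes.
SAMPLE_EXPOSED='[ro.adb.secure]: [0]
[ro.product.model]: [Example TV Box]
[service.adb.tcp.port]: [5555]'

printf '%s\n' "$SAMPLE_EXPOSED" | adb_tcp_verdict || true
```

On a device that reports WARN or EXPOSED, `adb usb` restarts adbd in USB-only mode; a port stored in `persist.adb.tcp.port` applies again after a reboot, so turn debugging off in Settings as well.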